HomeAbout UsWebsite DesignWeb Design FAQ'sSEOVideoBlogTestimonialsPortfolioContact

WEBSOURCE LLC is a website design company based in Dayton Ohio. Read more from our Blog or catch us on Twitter.

How to spot a scam email

So, are Nigerians really giving away thousands of dollars for helping them move large sums to American banks? Is your bank really asking you to confirm your personal details because they've detected some fraudulent activity on your account? That one might get our attention - at least for a couple of seconds.

Of course, giving away your personal information will inevitably lead to your identity being stolen. At the least, following links in these emails will lead to nasty little viruses or spyware being installed on your PC.

Well, I got one this morning that I thought was worth sharing. I thought perhaps this would be a good opportunity to try and highlight some of the things that should help you identify the spam and the scams from legitimate emails.

This one appears to have come from North West Airlines. Subject line was “E-ticket #4476185305”. It also included an attachment, which it referred to in the email as including my ticket and invoice.

Here was the main text:

====================
-----Original Message-----
From: Northwest Airlines [mailto:tickets@nwa.com]

Hello!
Thank you for using our new service "Buy Northwest Airlines ticket Online" on our website.

Your account has been created:
Your login: me@mydomain.com (I've removed my real email address here of course)
Your password: pasS_8915X2FW
Your credit card has been charged for $421.12.

We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Dorian Mckinney, Northwest Airlines
====================

At first glance, you might be worried to get something like this – goodness, they said my credit card had just been charged $421 for a ticket! But it was most definitely a scam. So, how did I instantly know?

Here were some flags I noted:

  1. Yes, the email did appear to come from North West. By that, I mean the email address - tickets@nwa.com - looked authentic - but do you know that virtually anyone can forge a from/return addresses on an email as easily as you can write a fictitious return address on an envelope using snail mail? With email, it’s as easy as editing your account in Outlook. Pretty scary, but true.
  2. Genuine email would probably be a little more sophisticated in appearance than this one is. Seems like a lot of spam originates from foreign countries, so they don’t always do a good job with grammar (‘simply print it on a color printed’??) and a lot of them lack a professional appearance. However, if a suspect email looks good, that alone shouldn’t make you comfortable either.
  3. Notice how there is no other information - other than my email address - that validates my identity in the main body of the email. They didn't refer me by name, it didn’t show my address, what flight I had booked, dates of travel, what type of credit card I used – nothing. This is by design – they want me to look up the details in the attachment, which they claim included my invoice and ticket.
  4. Finally, you might have be tempted to go to nwa.com to research something like this (btw – NWA don't even use email addresses and passwords to log into accounts, they use customer numbers). Word of warning, in this case, I know nwa.com was a genuine website, but if you are in doubt about the authenticity of a website, don’t even try. I’ve seen plenty of email/website links with addresses like “paypalwebsite.com” or “ebay-payments.com” (I just made those up but you get the idea). What you could do is a simple Google search for the company name to see if the website address is real. In any case, always go to your web browser and type in the address manually. Never click on links in suspect emails. More sophisticated emails might show you links that look genuine but when you click on them, may still take you to an address other than the one you thought you were going to.
  5. Interestingly, most dodgy emails are designed to get you to click on links – links that often appear genuine, but are very dangerous. This email contained nothing like that – it didn’t even contain a link to Northwest – genuine or otherwise - another flag. This is all by design - they wanted me to open the attachment instead. So, while it might have been tempting to immediately open the "purchase invoice and tickets" attachment, I certainly did NOT.

Regarding attachments - these kinds of emails (with attachments) aren’t quite as common as they used to be because more people know attachments can be unsafe. But what kind of attachments are unsafe? Most people know they shouldn’t be opening .exe files, but are you aware that any office document can contain a virus? In this case, it was a zip file – which can basically include anything. The golden rule – unless you expect the attachment and trust the source, don’t click.
Posted: 6/12/09
Websource LLC Blog
Back to Blog
Bookmark and Share
Home | About | Website Design | FAQ's | Web Video | Content Management | Ecommerce | SEO | Testimonials | Portfolio | Blog | Ohio Advertising | Contact
© WEBSOURCE LLC 2010 | Small Business Website Design Dayton Ohio
Beavercreek, Ohio, 45430

Visa Mastercard
Visa & Mastercard Accepted
Website Design · Content Management · Ecommerce
Search Engine Optimization (SEO) & Search Marketing (PPC)

Valid HTML 4.01!