- Dave Kinzer
Don't Get Caught By A Phishing Scam
My wife and I have been under attack lately. From phishers.
A phisher will use emails and texts to scam an individual out of their money. Phishing is different from a lot of other scams because usually these crooks are not trying to get you to buy anything. They’re after information. Once they've stolen your information, then they'll go for your money.
If you get an email from these guys, it's probably safe to assume that they already have your name, address, and phone number. The information they really want is your social security number, bank account or credit card number, and maybe your username and password for various accounts.
I bet you’re thinking, “I would never fall for a scam where I’d have to give my credit card number to somebody I didn’t know.”
I don’t blame you, but somebody’s falling for these phishing scams hook, line, and sinker: According to the Federal Trade Commission, Americans lost over $57 million to phishers in just one year.
Phishers send you emails that look almost exactly like a legitimate email from a company you do business with. They will reproduce the logo of the company perfectly. They’ll even go to the trouble of including working links for “privacy”, “help center”, and “terms of service”.
Usually the email will say something about a problem with your account, and to continue your service, they need you to verify your credit card information or your account will be closed. Since you don’t want your account to be closed, you click the link.
Then you'll be taken to a fake website that, if the crooks are good, will look exactly like the real website. So you enter your credit card number, click “submit”, and feel good that you avoided that headache.
A week later, your credit card statement arrives and says you bought several televisions and other high-priced goods you know you didn’t buy.
You got phished.
My wife and I recently received five emails, supposedly from Netflix, in one week in August.
Unfortunately for the scammers, we knew without a doubt that these emails were fake without even opening them. How did we know? Easy: we didn’t have an account with Netflix!
How will you know it’s fake if you actually do have an account with the company, though? First, scan all aspects of the email for any strange words or phrases, and for errors in punctuation, grammar, and spelling.
Take a look at the subject line from one of the emails: “Re: (update received) Alert: Status added update payment from Netflix”.
Notice how awkward it is? It’s extremely clumsy wording, and difficult to figure out exactly what Netflix wanted, if it really was from them.
Now read the first sentence in the email. See if you can spot all the mistakes:
“Unfortunely, we cannot authorize our payment for next billing cycle of your subcription, Netflix was unable to recieve a payment because the financial institution rejected the monthly charge.”
I counted six errors in the first (run-on) sentence alone. If you read the rest of the email, you'll see that there is at least one error in three of the four sentences. Netflix would never be that sloppy.
Here's a screenshot of the entire email I received:
See anything else kind of strange? How about the greeting? It doesn't use my name. It just says, “Hi”. Any company that uses email for communication with its customers is going to greet you by name, or at least your username.
Also, check this out:
The top line is supposed to be the name of the sender of the email. It starts off fine, saying it's from "Netflix", but if you look closely, something is wrong with the "l". It's almost as if they used a different font for just that letter. Then look at the nonsense that follows, starting with "murid".
What is all that mumbo-jumbo gibberish? A legitimate email from Netflix, or any other honest company, would not have a return email address that looked like that.
Kind of funny: just a few days after we received these fake emails, my wife and I actually did sign up for Netflix. The real Netflix sent us a "welcome" email, and here's what the return email address actually looks like:
Big difference, huh?
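The two sender checks described above (an odd-looking letter in the sender name, and a return address that has nothing to do with the company) can be automated by a mail filter. The following Python is an added example, not part of the original column; the header values are constructed samples rather than the addresses from the screenshots, and the brand-to-domain list and the function name `check_sender` are assumptions.

```python
import unicodedata
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumption: domains each brand really sends mail from (maintain your own list).
BRAND_DOMAINS = {"netflix": {"netflix.com"}}


def check_sender(from_header):
    """Return a list of warning strings for one raw From: header value."""
    # Split first, decode second, so an encoded display name cannot smuggle
    # in its own "<address>" part.
    raw_name, addr = parseaddr(from_header)
    name = str(make_header(decode_header(raw_name)))
    domain = addr.rpartition("@")[2].lower()

    findings = []
    # A letter that "looks like a different font" is often a non-ASCII look-alike.
    if any(ord(ch) > 127 for ch in name):
        findings.append("non-ascii-display-name")

    # NFKC folds compatibility look-alikes (e.g. U+217C) to plain letters.
    # It does not fold other alphabets such as Cyrillic; those are still
    # caught by the non-ASCII check above.
    folded = unicodedata.normalize("NFKC", name).casefold()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in folded:
            continue
        if not any(domain == d or domain.endswith("." + d) for d in domains):
            findings.append("brand-domain-mismatch:" + brand)
    return findings


# Constructed sample headers (not the ones from the emails in this post).
SAMPLES = [
    "=?utf-8?q?Netf=E2=85=BCix_murid?= <billing@murid.example>",
    "Netflix <support@murid.example>",
    "Netflix <info@account.netflix.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no warnings")
```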
So what do you do if you get one of these phishing emails? First, don’t panic! Simply opening an email won’t harm you in any way. Just be sure that you don’t click on any links in the email. If you want to report it, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org. Then delete the email.
If you do have an account with the company in the email, but you’re not sure if it’s fake or not, there’s a very simple step you can take to find out if there really is a problem with your account.
Instead of clicking any link in the questionable email, just go directly to the company’s website by typing its address in your browser. If there really is a problem with your account, you’ll likely know as soon as you log in.
Unfortunately, phishing is something we all need to watch out for. Take a close look at any email asking you for sensitive information and make sure they don’t reel you in.