Tuesday, August 21, 2012

How to spot a fake email

Every so often I get a call or an email saying "I've just had this email, can I click on the link?" and each time I end up repeating the same bits of advice. So here is how to spot the fakes.

First Rule:

If you are unsure at all, don't click on any links! Better safe than sorry.

Second Rule:

Were you expecting an email from this organisation or person? From friends and family that's a difficult one to answer, particularly if they're the type who forward you every 'funny' thing they see. If it's unexpected, treat it as suspicious.

Third Rule:

Look at where the link is trying to send you. In Outlook, hover over it with the mouse and a popup will appear; in web browsers it'll often appear at the bottom of the page. A failed delivery notice from UPS, for instance, is unlikely to try to send you to lkajdlfjalkldaifj.com/WErkljsadfiiD.html

Third Rule - codicil:

Just because the address contains the name of the organisation doesn't mean it's genuine. Look at the bit directly in front of the .co.uk, .com, .net suffix - that's where you're going. There's nothing to stop me setting up a site called hb.com and then directing you to hsbc.hb.com or tesco.hb.com. You're not going to their sites; you're going to my hb.com site.
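The check described in this rule, written out as an added example (not part of the original post): it pulls out the label directly in front of the suffix and compares it with the domain you expected. The suffix list is a hand-picked assumption covering only the suffixes named above, and the "expected" domains in the samples are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked suffix list covering only the suffixes the
# post names. Real tooling should use the full Public Suffix List instead.
SUFFIXES = {"co.uk", "com", "net"}


def registrable_domain(url):
    """Return the label directly in front of the suffix, plus the suffix.

    Returns None when the host is missing or its suffix is not in SUFFIXES.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the two-label suffix first so "co.uk" is matched before a bare "uk".
    for size in (2, 1):
        suffix = ".".join(labels[-size:])
        if suffix in SUFFIXES and len(labels) > size:
            return ".".join(labels[-(size + 1):])
    return None


def link_matches(url, expected_domain):
    """True only if the link's registrable domain is exactly the expected one."""
    return registrable_domain(url) == expected_domain.lower()


# Constructed sample links using the hostnames from the post; the expected
# domains on the right are assumptions made for this example.
SAMPLES = [
    ("https://www.hsbc.com/login", "hsbc.com"),
    ("http://hsbc.hb.com/login", "hsbc.com"),
    ("http://tesco.hb.com/offers", "tesco.com"),
    ("http://amazon.hb.co.uk/account", "amazon.co.uk"),
    ("https://www.amazon.co.uk/account", "amazon.co.uk"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        verdict = "ok" if link_matches(url, expected) else "MISMATCH"
        print(f"{verdict:8} {url} -> {registrable_domain(url)}")
```

Links whose suffix is not in the list return None and therefore never match, so an unknown suffix fails closed rather than being waved through.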

Fourth Rule:

If you are unsure at all, don't click on any links! Yes, I know that's the first rule, but it's really important. If you get an email purporting to be from your bank saying click here to access your account and you find it suspicious, don't do it. Open your browser and access your bank the way you normally do. In fact, even if you don't find it suspicious, just get into the habit of accessing your bank or other sites using the browser directly.

There we go. Follow those rules and you shouldn't have any problems.

Oh, and of course that's not to say legitimate businesses don't cock it up too.

2 comments:

Anonymous said...

You omitted the most important rule.

Any genuine email will address you by NAME.

If it starts "Dear Customer" you know it's a scam after reading just 2 words.

FlipC said...

It's a good point, but not a given - my broadband provider's emails to check my statements don't address me by name and just use the account number.

My bank indeed addresses me by name, but I get "Dear Amazon.co.uk Customer" from... well, Amazon, similar to other mailshots. If I get something purporting to be from Amazon saying there's a problem with my account and can I log in using this link, them not using my name won't ring any alarm bells. But the link going to amazon.hb.co.uk should.