How to find out if an email is a scam ?
Email is by far the number one online scam weapon: with a database of nearly 30,000 email addresses, Signal-Arnaques knows what it’s talking about ! Often coarse, the scams contained in these emails leave most people totally indifferent, but some crooks know how to “optimize” their writing using subtlety, wit and malice. What types of scams can you receive by email ? How to recognize and defeat them ? This is the purpose of this little guide to share without moderation !
Some reflexes to adopt, without falling into paranoia (if you can !)
An unknown contact asks you to send him personal information ? Even if they seem to you rather harmless, beware, because they are essential for scammers. Whether to use your login credentials, or to drag a spy file (malware) into your computer, or even to scan your computer to find sensitive information (personal address, bank details, etc.), every detail can be useful to them.
Let’s start with the solution: Scamdoc, a tool to help Internet users
In December 2018, the Signal-Arnaques team launched a new service to help Internet users to comb through emails found on the web: ScamDoc.com. For any e-mail address questioned it will give you a trust score.
Use it and share it as much as needed: it relies on an algorithm of artificial intelligence and it’s really relevant. Here is the kind of message you might get :
Welcome to a world of various and varied cheating !
You’d better be warned about the 3 big families of scams, as they abound on the Internet and in our mailboxes :
– Phishing scams
– Confidence scams or “brouteurs” scams
– Malware scam
Sounds complicated? Don’t worry, it’s nothing but very simple ?
1. Phishing scams
Phishing scam is very common and simple: you receive a fraudulent email that imitates a trustworthy organization you are likely to know well (your bank, your tax center, your mobile phone operator …). The scammers invite you to click on an Internet link by claiming a refund or other fallacious reason. By doing this, you end up on a web page that will perfectly imitate the original website (some are truly stunning!). You are then asked to enter your confidential information (login, password, etc.) and this is when scammers steal your credentials.
The most common phishing scams sent by email :
– Your bank invites you to log into your account
– Your mobile phone operator or Internet Service Provider (ISP) sends you a message
– Paypal asks you to validate an operation
– Your tax center offers you to pay via a link in the email.
2. Confidence scams or so-called « brouteurs » scams
Warning ! These are true and tricky cybercriminals ! Called “brouteurs” in French (according to some west-African slang) they are also known as “Nigerian scams” or “419 scams” (article of the Nigerian Penal Code sanctioning this type of fraud). They attract your attention by dangling a gain (a lottery, a loan, a donation, even a heritage that falls from the sky …) and make you believe that you can get it by paying fees. Once you paid, they either disappear or maintain a connection to better empty your bank account.
The usual scams of “brouteurs” sent by mail :
– Purchase requests on classified ads you have submitted
– Attractive job offers
– Unbeatable loan opportunities
– Pledges of gifts, inheritances or winnings to any kind of bogus lotteries
– Interpol members who promise you to recover the money that was stolen from you in a previous scam
Let’s sum up : they will use any hocus-pocus stories, involving princes, marabouts and sometimes even cosmonauts !
3. Malware scams
The malware email is very simple: a message invites you to open an attachment or to download a file through any pretext (download an invoice for example …). This action triggers the installation of a software on your PC or your phone: spyware, encryption of your data to obtain ransom, remote control …
This scam family is pretty technical but to protect yourself, a commonsense reflex is enough: never click on this kind of message received from unknown contacts. You would never allow a stranger in your home without knowing his intention, would you ?
4. Some other scams…
You can finally be confronted with other scams involving forms of usurpation and spoofing, among them :
– False subscriptions
– False debt recovery
– Scams involving fake parcel deliveries where you are asked to dial a phone number which will prove to be overtaxed.
How to identify a fraudulent email
The email address can tell you a lot. An email address consists of 3 parts: identifier @ domain name
The last part (the domain name) is an excellent index to detect a fraudulent email address. A well-known and serious service (like Microsoft, the FBI, your bank, any big company or public service) will indeed never use free mail providers like gmail.com, hotmail.com, outlook.com, yahoo.com, etc. Scammers are then easy to counter when they use this kind of address to make you believe you need to connect to Interpol, Paypal, Microsoft or any other official website.
Only one thing to remember: If an official administration, the police or a large corporation uses such an address to contact you, it’s a scam !
And what if the scammer uses his own name (even if a fake one!) …
When some scammer or “brouteur” play the role of an individual wishing to donate or buy something, it gets more complicated to unmask them… but not impossible !
4 very common cases :
• firstname.lastname@example.org… email@example.com … The email address seems completely wacky? Yep! You’re right: this looks like crap and it is, you just avoided the trap ?
• If the first part of the email looks like a mathematical code (firstname.lastname@example.org), it was generated by a computer robotically.
• Some emails can also seem consistent with what they pretend to be, such as email@example.com or firstname.lastname@example.org, etc. If you don’t really know them, or if you don’t really understand why they contact you, have a commonsense reflex: check before clicking! Check the suggested website from a computer and do not hesitate to test its reliability on Scamdoc.com.
• If the address looks real, it can also be a technical trick to usurp the identity of the email sender. For example, a scammer can write to you using a stolen government address. Fortunately, in this case, they are almost all stopped by the anti-spam devices on your computer and do not even reach your mailbox (be careful with smartphones, which are not always as good as your computer on this point).
Any doubt: let’s go for the good old search !
By searching via Google and/or the website Signal-Arnaques.com, you will very often get a confirmation of the scam. Our community is now very reactive to phishing campaigns and it is rare that a recently used email slips through our net.
The text’s form: that pinch of quirk which betrays the scam
Spelling, again and again
Despite a significant improvement of cyber-crooks, the quality of spelling and grammar remains of a poor quality, especially in the case of “brouteurs”. Passing an email in a spelling checker or a word processor will confirm if it is from an official source. It is indeed extremely rare that a professional email leaves behind gross spelling or grammatical errors.
A strange style? Keep an eye open
If phrases seem unusual, if the style of email changes abruptly (sometimes respectful, sometimes familiar), the sender might not have English as mother tongue … Then trust your intuition: unconsciously, you will probably detect that something is “weird”.
Some classic quirk and weirdness identifying a fraudulent email :
• The guy tells you that he is “serious”? If he feels compelled to remind you of that, it’s more than fishy. Run away!
• The person is “currently traveling abroad”: this is a very common trick on ad sites, for rentals or sites selling items from individual to individual. You would be well advised not to believe it, this is usually followed by a request of financial help.
• Your interlocutor offers you to add money to the item you sell, or the lease you offer. Let’s be serious: normal people negotiate down when they buy something, never up, don’t they? There is a reason why scammers offer you to add money: once sent to your bank, it will take a few days for you to realize that their money is nor creditable nor refundable. But in the meantime, you will be asked to return a portion for an accomplice.
• The person does not address you directly but uses “Hello Mrs. Sir”. This is common with money donations, or valuable goods as purebred dogs or cars. To ignore immediately, those are systematically scams.
To protect yourself, just follow a few simple rules
• Make sure that your e-mail has a well-functioning spam filter (prefer well-established email providers, like Gmail or similar)
• Never click on a link inserted in an email to sign into any of your accounts, always log in by going yourself on the real website by typing the address or using your favorite links.
• Be particularly watchful with emails received from credible official organizations, routinely stolen
• Search Google for the slightest doubt, by typing the email or the site address followed by the word “scam”
• And most importantly, never pay anything you did not choose to do!
These scams play on doubts that you might have about a transaction that you or your loved ones could have made. This rule is essential: do not pay anything or do not call any number without being sure you’re dealing with the right person.
• A search or request for help on Signal-Arnaques.com will also give you some answers if you’re not sure.
Please, feel free to send us your suggestions, and share this information with your friends : given the size of many forums collecting alerts or reports of scams, forewarned is more than ever forearmed.