How to Spot an Email Scam

How to Spot an Email Scam

Scammers are working overtime during the pandemic coming up with new ways to steal money and personal information. Many pretend to be someone else, like a business you know and trust, government officials or family members in need.

Golden West has experienced an increase in reports about phishing email messages. Last week we talked about how to report these attempts and what to do when you suspect an attack. This week Golden West shares tips on how to spot an impersonating email.

Just like hand washing, masks and social distancing help protect you from the coronavirus, there are things you can do to protect yourself from phishing emails.

1. Look carefully at the email address of the sender.
Look past the Sender’s Name to the sender’s email domain, or the part of the email address after the @ sign. For example, no legitimate organization, including Google, will use an “@gmail.com” email address. Google would send from an email address ending in “@google.com.” 

Also, if the email is legitimate, the domain name must exactly match the apparent sender of the email. Anyone can buy a domain name and can choose one that closely resembles the impersonated sender. For example, “@go1denwest.com” isn’t exactly “@goldenwest.com,” but it’s close.

2. Review the message’s grammar and writing quality.
Many scammers are from outside the United States, and English is not their first language. They may use a spellchecker or translation software, which may translate out of context. If it refers to things using unusual words or flows awkwardly, it may be a phishing email. If you’re unsure, look for other telltale signs mentioned in this article.

A suspicious email flagged by Golden West earlier this year stated, “Our system has detected an unrecognised activity on your mailbox. To ensure full security, we require you verify your Email immediately to eliminate any third party threat to your mailbox.” The unusual spelling of “unrecognized,” unusual word choices like that of “mailbox,” and random capitalization of “Email” are all potential warning signs.

3. Check for suspicious links or attachments.
Many phishing emails include a link for you to click that leads to something “important,” such as to a supposed account that needs updating. It’s important to ensure the destination address of the link matches the context of the rest of the email. Many messages hide the destination address in a button, so it’s not immediately obvious where the link leads. The best rule of thumb is not to click on any links in the message. Go directly to the apparent sender’s website to double check the message’s legitimacy.

Emails also sometimes include malicious attachments disguised as something else, like an unpaid invoice. When you open the “invoice,” the document will leave malware on your computer. By the time you realize the invoice was for someone else, it’s too late. Never open an attachment unless you are confident it is legitimate. Even then, always watch for anything suspicious in email attachments.

4. Consider the urgency of the message.
Scammers know that most people procrastinate. By creating a sense of urgency, scammers get you to act sooner, often before you closely examine the email.

Here’s an example of a scam email sent to capitalize as people await much-needed stimulus checks. American Express did not send this message, and this sender will not help the recipient obtain funds. This email also includes an example of each of the four tips referenced above with the numbers of the tip beside each highlighted instance.

Stimulus-Check-Phishing-Email-1586215088.jpg

Follow these tips for increased security online. As always, Golden West’s Help Desk is available 24/7/365 at 1-855-888-7777. For more information about phishing emails, read last week’s email message at https://www.goldenwest.com/news/scammers-fish-for-unsuspecting-customers/ (note URL matches company domain).