Dear Dad. A Parent’s Guide to Spotting Email Spam

“Just because a well-dressed gentleman knocks at your door, doesn’t mean you have to let them in.” Me

Dear Dad, this article was written just for you. Maybe mom should give it a read too though.

I know those annoying spam emails are confusing. How the hell do you differ a real email from a fake? The stakes for getting it wrong can be high. Click a wrong link, share your personal details in the wrong place and you could end up giving bad people accidental-access to your private things. Let’s start at the beginning.

What is (email) spam?

This may seem obvious however I want to make sure we’re speaking about the same thing. Email spam can be broadly categorized as any email you didn’t expect or ask for, where the person or business sending you the email often has ulterior motives to what might be stated. Email spam is either lying to you or annoying you with unsolicited offers.

Some spam is simply serves as an irritation. That newsletter to that thingy you never signed up for.

Some spam is trying to convince you’ve won a large amount of money. This money can be yours. For a small fee.

Other spam is worse, much worse. It pretends to be from a legitimate person or business. It wants you to share personal details. Typically pin codes or passwords.

Time pressure is often woven into the offending email. If you don’t do it now, then you will be hacked, penalised or lose out on this amazing chance to win the Spanish lotto. (You know the ones.)

Why do spammers spam?

Money. The end goal is always money. ??

Perhaps they fool you into sharing your banking pin codes. Money.

Perhaps they access your Facebook profile, sending your friends and family urgent requests for…money.

Perhaps your computer is compromised after innocently installing infected software. This software then locks your computer’s files and can only be removed after sending them…money.

Their tools and targets differ however, their goal in the end is an easy payday before moving on to the next victim. Think of them as treating this like a full-time job. Rocking up at an office somewhere in the world, opening a laptop, cracking their fingers and say “it’s scamming time…”

But how do spammers get my email?

Ever notice how when you buy a brand-new phone with a new SIM card that you somehow still receive a marketing call or SMS before anyone should even know about your new number?

This also unfortunately applies to your email address. Despite your best intentions, over time your email is sure to be leaked to the world wide web. Lists of these unsuspecting email addresses are then assembled and sold. Bad companies (or at best, lazy) use these lists for mass-marketing their latest blue pill or trying to infect your computer with their ransomware. (Software, that once installed, holds you to ransom.)

Let’s be clear, it’s almost impossible to stop your email from eventually finding its way to these people. Instead of trying to stop this from happening, it’s more important to have a common-sense approach to handling these chops who seem intent on scamming you for every last Rand.

It’s Never Personal

As much as you want to drop these idiots into a busy 4-way intersection during loadshedding, stop. Take a breather and remember ?? it’s never personal. Swearing at them or shouting at them WITH ALL CAPS won’t change a thing. Never take the bait. The best way to treat spam and the scammer behind the screen is to simply ignore them. Don’t reply at all.

Spam emails are sent every day, to every inbox, in every corner of the planet. The spammers only need a fraction of a fraction of these emails to find an unsuspecting (but responsive) victim. It’s a cold numbers game, as personal as it feels. Let’s take a look at the various types of lies your inbox receives.

Types of Spam Emails

Promises of Riches ??

These are the funniest ones, the ones we laugh most about around the braai. An unsolicited email from someone who has recently stumbled into obscene riches. They feel the need to share the riches with you. Why? Well Dad, you would normally play the role of a long-lost relative. Or perhaps you have somehow won a competition you don’t remember entering. Congrats ??

The Catch? You’ll normally be asked to pay some kind of fee upfront in order to access the cash. Once paid, yet another fee is presented. You can see where this is going right? This process is normally repeated as many times as possible until the victim eventually realises their mistake.

The Obvious? No-one will want to give you money for free. Ever. Even the “free” pocket money I used to earn as a kid was exchanged for cutting the grass, cleaning up after our dogs or endless dishes.

?

Promises of Love ?

These scam emails target the lonely. Men or women. Although I would guess that women are targeted more often. The scammers pretend to have come across your profile online, possibly on a platform like Facebook. They want to get know to know you better, as your profile “stood out” to them. ??

This scam differs from the others as the “Nigerian cupids” behind the emails are often in it for the long haul. They will genuinely chat to victims for weeks or even months before the obvious happens. They need money. What else? ??

By this time the unfortunate victim has likely formed an emotional bond with the scam artist. The buxom, fresh-faced lady from that country you always wanted to visit will more than like actually be seated somewhere in Africa and be a few shades darker than expected.

Read more on romance scams.

Threats (of being hacked.)

I get this one often. It normally involves threats to expose incriminating evidence by leaking pictures or other private documents of the victim. Essentially, the emailed-demand translates to “We hacked your computer. Pay us money, or we will show people your embarrassing stuff.”

These emails are often littered with technical-sounding jargon, aimed at scaring the victim into thinking it may somehow be true. Thanks to their flamboyant use of the English language to try and intimidate, these sorts of fakes are easy enough to spot.

PS. Don’s stress Dad, following some of my simple steps listed later on will help you prevent bad people gaining access to private files.

?

Installing Bad Software (Virus, Malware or Ransomware)?? ??

This sort of spam emails contains an “infected” attachments of some sort. The story spun in the email differs however the goal of the scammer is always the same. They want you to open or install something. Once you have opened their attachment and installed their software, the game begins.

The infected attachment will often take the form of a .ZIP file, a webpage (.HTML) or an Excel document. The naughty software, once installed, will likely block access to your important computer files. Alternatively, the software could hide in the background, monitoring your online access and sharing your activity with the bad people.

I think over time the scamsters have gotten a bit lazier and their need for a quick buck, more obvious. This leads to the rise in what is known as Ransomware. This is software which, once installed, simply blocks access to your important files. Victims are then presented with a on screen prompt, demanding the victim pays a ransom of sorts to regain access to their files. This ransom is normally demanded in Bitcoin. (Bitcoin…the other braai-side topic of conversation, once politics has been covered.)

Legitimate Fakes

These are the most dangerous kind of spam. Why? They are the hardest to differentiate from the real thing. This sort of spam often pretends to be from your bank, the post office, SARS or other popular platforms and businesses.

The goal of this sort of email is to obtain your private access details to an online profile. Once the scammers know your password, funds can then be siphoned or directly withdrawn.

Example: Dear User, we have detected an attempted hack of our clients banking details. Not to worry we managed to prevent any major loss of your personal details. However, we need you to log on right now to ensure that your banking profile remains valid. Click here to enter your banking details online.

The Obvious? The hackers send these sorts of email en masse to 1000’s of unsuspecting and innocent folk, like you Dad. They do this because they know that they only need a few to fall for the fake. They normally target online profiles or platforms they know are universally popular. Your bank and Facebook account are prime targets.

I am pretty sure I am missing a few types if insidious inbox trolls here, however I think these should cover the most common types.

Spotting Spam: A Common-Sense Approach

I remember our chat from my last visit where you and mom explained how hard it was for the older generation to spot what others may consider more obvious red flags. Not to worry, I will gear my advice to a simpler, common-sense approach and less on technological wizardry.

Just remember that as daunting as some of my advice may seem – weigh it up against having somebody withdrawing money from your bank account without your consent. Still seem like too much effort to learn? (Rhetorical. Read on.)

Here are the top 10 tricks I use to identify and outsmart spam terrorists

#1 BAD SPELLING

Spam emails are notorious for have mis-speliings in their email text. I used to derisively dismiss this as simple stupidity or lack of education on their behalf. I have since heard a theory that feels more plausible. They spell badly on purpose. They want to separate the more logical folk and instead focus on those victims that still reply despite the obvious spelling errors. Kak right? This changed how I thought about these people.

?

#2 WERE YOU EXPECTING IT?

I remember you asking about an email received regarding a package delivery of some sort. Whilst obvious spam, it happened to coincide with deliveries you were expecting at the time. Spooky.

The first filter question to ask is “Did I expect an email from this business or person?”.

• UPS asking you to enter your ID? = Am I expecting a UPS delivery?
• Bank email asking you to peddle your password? = Have you ever shared this email address with your bank?
• SARS asking for tax info? = Is it anywhere near the usual dates for income tax returns?
• Won the lotto? = Have you recently entered any competition or lotto? (This one is embarrassing to have to point out.)

?

#3 HOVER BEFORE YOU CLICK

This simple trick has saved me many tears over the years. I am sure it will help you too Dad.

1. Hover your mouse over a suspicious link in an email to see where they are trying to send you.
2. Does the destination address of that link match the name of the business or person who sent the email?

When examining an email you aren’t sure of, hover your mouse cursor over the blue link the email directs you to click on…can you see the “destination address” it highlights? Does the address highlighted from the hovered link make any sense at all? Why would the link address differ from the name of the business that sent you the email? Again, a healthy dose of suspicion helps.

If there is a major difference in the link address and the institution or business name it reports to belong to, treat with care. Even a simple misspelling of the business name is enough for a scammer to scam.

For example, the picture snippet below was from an email sent by “Netflix”. When I hover my mouse over the link that “Netflix” wants me to click in their email, I see the address (https:// t.co/sj6fith...) So why would this official email from “Netflix” not have a link that rather sends me to their official website? (https://www.netflix.com/)

Can you see the obvious mismatch between who they say they are and where they are sending me?

?

#4 SENDER NAME vs SENDER EMAIL

This tip is huge Dad. Using this technique will help identify 80% of scam emails on the spot. You may still receive those pesky emails in your inbox (unfortunately) however you will be able to spot them with ease, laughing at how close you might have come in the past to sharing your valuable passwords with a stranger.

Most email clients (like Outlook) let you associate a name with your emails that does not have to match the email address. I can send you an email right now that will show the senders name as “Not Your Son” HOWEVER the email address it will be sent from will still be mine. Let me repeat that, I want you to start paying attention to the sender’s email address and not just the senders name.

The first thing I want you to do from now on when faced with the prospect of an unwanted inbox invasion that irks you is to check if the email senders name in any way matches the actual email address used. If the name sounds legitimate but the actual email address it was sent from sounds like a suspicious mouthful, ditch that email faster than a day-old curry from Florida Road.

See this example below of an email received from Netflix where the email address it was sent from is very obviously NOT Netflix.

Make this the first thing you look for from now on.

#5 VERIFY VIA PHONE

If you are ever unsure, give the business in question a call.

??Example: “Hello *Bank Person*, I have an email asking for my pin codes, did you send it?”

This might take a few minutes of your time however it’s a safe way to ensure you hear directly from the horse’s mouth.

My ONE tip however is that you don’t call the number listed within the *suspect* email itself. Rather call the number of the business that is publicly listed. Why? Scammers often have fake call centres setup for those who may call the number from the email itself.

#6 AVOID INSTALLING SUSPECT SOFTWARE

I know you are guilty of this one Dad.

I want you start being more cynical about any software you allow to be installed on your computer.

If you are unsure if you need to install Software X, please rather give me a call/ email and ask. More often than not, simply hearing how or where you came across Software X would be enough for me to play the game “Scam or no scam?”.

That software promising to improve your computer and internet performance by 10x is a lie Dad. Leave it alone.

#7 UNHEALTHY ATTACHMENTS

Emails are a lovely way for us to keep in contact, run our businesses or just be productive members of our society. HOWEVER, certain types of email attachments are riskier than others. I can’t think of any legitimate reason that you should be receiving an email containing one of the following attachments,

• ZIP file
• HTML File (Webpage)
• Excel documents. (Specifically, Excel docs that want to run a macro.)

Attachments from an email that are opened without first checking that they are valid, are one of the most common ways to let the bad people in. When you receive an email that contains one of the file types listed above, I want you to…

STOP, clicking.

ASK, is this email or attachment something I expected AND from someone that I know?

ACT, suspicious (why would I need to open this file?)

If the email seems to be from a legitimate person or business AND you were expecting it AND it passes the other checks listed further down BUT you are still unsure, you are welcome to forward the email to me to take a squiz.

#8 ALWAYS USE PROTECTION

The law of averages states that after receiving enough spam, one day despite your best efforts, an infected attachment will be opened. Here are two important steps to take in order to prepare us for that day.

Keeping Windows Updated

I want you to make sure your installation of Windows is always kept up to date. Windows 7 onwards really has some solid anti-virus protection that comes preinstalled. However, this would not make a difference if your computer was not regularly given security updates or patches that Microsoft releases.

Wondering how to make sure your Windows is up to date? (Watch on YouTube here.)

Anti-Virus

You don’t need to pay to access quality anti-virus protection for your computer. As long as you have more recent version of Windows, kept updated, the free anti-virus protection from Microsoft known as Windows Defender is likely all you need. (Mixed together with a bit of common sense.)

How to find and run Windows Defender. (Watch on YouTube here.)

Worried that you are using a different anti-virus program? It doesn’t really matter the exact antivirus software you use. I personally prefer using the free version from Microsoft (Windows Defender) instead of the other (paid-for) options mainly as =

1. It’s free.
2. Other paid-for virus protection often annoyingly, keeps trying to sell you stuff.

2 Part Challenge

1. Check now if your installation of Windows is up to date.
2. Perform a simple virus scan on your computer.

#9 MASTERING YOUR OUTLOOK

I know that you use Microsoft Outlook to receive your emails. (Fun fact, Outlook is known as an email client.) There are two settings that I wish more Outlook users knew of, when it comes to protecting yourself from unwanted inbox infringements.

A) Flagging Spam

What better way to treat a naughty spam email than sending it to the corner. Better than that? Tell Outlook whenever another email sent by the same person comes through, to mark it as spam automatically for you. This is a great way to treat serial offenders.

How?

Simply Right-Click on the offending email –> Selecting “Junk” –> Then select “Block Sender”.

That bit of spam is now in the naughty corner. The next email from the same spammer (address) goes directly to jail without bugging you. Spam flagged this way is automatically moved into your SPAM folder in Outlook. Not to worry, if you flag the wrong email by accident, navigate back to the SPAM folder in Outlook and the email can be returned to your INBOX.

B) Adjusting Spam Filters

By default, Outlook will only move the most obvious spam emails to the SPAM folder. You can however, at the click of a button. Ask Outlook to be a bit more suspicious with how it judges new emails that arrive. Will it accidentally flag innocent emails? Yes, this will happen. However, for me the added suspicion from Outlook is more valuable, as it saves me the time I normally spend cleaning my morning inbox from all the spam received the day before.

How?

IF your spam situation feels extreme, I recommend you ask Outlook to be a little more suspicious of incoming emails by changing its spam-spotting-suspicion from “low” to “high.”

Find this setting by first clicking your “Home’ ribbon at the top of Outlook, then selecting “Junk” near the far left of the menu strip then -> “Junk Email Options.” Then select “High” before clicking the OK button.

Read more on how to change the spam filter setting here.

?? Go check that your Outlook spam filter is set to High. (You can always change it back to Low if needed.)

#10 EMBRACING 2 FACTOR AUTHENTICATION (2FA)

I am sure you have heard this phrase before right?

Despite an intimidating name, 2 factor authentication simply means that the platform you are attempting to access or log into will check with you twice before allowing you in. This normally involves the usual password together with some kind of code that will be SMSed or messaged to your phone.

Why the double access check? If a scam artist somehow finds your passwords, the chance of them also having access to your phone is low. Enable 2FA on your most important accounts will add a minute or two of time when you access the platform however it will reduce the risk of a bad person access your valuable online profiles.

Question time. What would you consider your most valuable online profiles? (Most risk if someone gained access.) Now does this platform offer the added security of enabling 2FA? Try enabling the security setting. If after testing out it really still annoys you, you can simply remove the 2FA again.

What should I do once I know it is spam?

Mostly? Ignore it.

Most unwanted (but legitimate) newsletters or emailed advertisements can be “unsubscribed” from. This means you tell the company that sent the email to take you off their marketing list. This can be either a manual request or a link clicked near the bottom of the offending email.

These sorts of marketing emails are normally more of an irritation than something dangerous. Like someone at the robots waving a flyer in your car window as you politely try ignore them. They are normally sent from a business somewhere that figures they can make a quick buck by forcing their way in front of you.

The more devious kind of spam (where they pretend to be someone else) is trickier. They often won’t have a link to unsubscribe. Even if they did, I have doubt it would work anyway.

Conclusion

What now? I am sending you off to fend for yourself against these spam bandits. These 10 tips should put you in a much safer position than before, helping you avoid falling prey to their emailed pleas for your attention. Tip 3 (checking links) and Tip 4 (sender name vs sender email) are the most effective tools I have found to quickly separate the majority of emailed deception.