'Fake' Email Scams Vs The 'Real Deal'
Craig McDonald
With news of brand new phishing scams hitting the press on a daily basis, it is great to see people are taking on board the warnings, and thinking before they 'click'. However, there still seems to be a bit of confusion about what is 'legitimate' and what is likely to open up a whole world of pain for your personal computer or business network.
Malware and phishing scams can cause damage in a multitude of ways. If you are lucky, you might find that you have a few annoying ad pop-ups or your PC slows down dramatically. In the worst case scenario, criminals can steal your passwords, data, private information, credit card details or identity, or they may shut down your computer or business network, stealing your data and holding it to ransom until you pay up. Even when you pay up, you aren't guaranteed to get your data back.
Since the day organisations started making the transition from snail mail to email, cyber criminals have been taking advantage of the vulnerabilities. Cyber criminals are pretending to be from banks, government organisations (ATO etc.), postal service providers (FedEx, Australia Post), charities, and other businesses that may trick you with familiarity and a false sense of trust.
It is not all doom and gloom. There are some telltale signs that will give away that the website you are browsing is fake, or what is in your inbox is a phishing email. Just like when someone tries to sell you a 'designer' watch or handbag, the key to spotting a 'fake' is all in the detail. Here are my tips for sorting out the 'fake' emails and websites, from the 'real'.
Check the URL
If an email contains a URL for you to click, and then asks you to fill in personal details, take a closer look at the URL again. The URL in the email might look real, however when the link or tab opens it may be different. This is a sure sign you are now on a fake website.
Here is an example of an email that purported to be from the Australian Taxation Office (ATO). This is the link (in blue) that was contained within the email:
However, when clicked, the link takes the email recipient to what looks like the legitimate ATO website. If you look at the URL of the website circled in red below, it is completely different to the more legitimate looking URL contained within the email.
As a rule of thumb you should always type the official business website URL into your browser and not follow the link within the email.
If I was asked to visit the ATO, a quick Google search would show me that their actual website is www.ato.gov.au (as you can see below), not www.ato_my.gov.au, which is contained in the initial email or on the webpage that the first URL directs the recipient to.
Below is a legitimate example of an email from the ATO.
As you can see, this email has the same legitimate domain as the official government website, and this email doesn't ask you to click a link. Instead, it tells the email recipient to follow best practice and log in via the official website.
Don't supply sensitive information
As with the ATO example, an email coming from another government organisation or a bank would not ask for your Tax File Number or Social Security Number, personal bank account information, PIN or password. Emails or websites that ask for this are sure to be a scam. If ever in doubt, call the organisation directly.
Hi 'Valuued Customer'
There is other content in an email that is a dead giveaway for fraud. Misspellings, typos and terrible grammar are good indications that your sender is a foreign scammer. Also, if an email doesn't address you by name, it's a sure thing that it's a fake. You will see in the very first image that the salutation only contains the email address.
A secure site leads to your greater security
When shopping online or even just browsing, keep an eye out and check that the website is secure. E-commerce sites that are secure use encryption methods to make sure your private information and banking details are kept safe, so look for a 'lock symbol' in your browser window. A secure site also starts with 'https://' instead of just 'http://'.
I'm a strong advocate for public education and awareness around online risks. MailGuard has compiled a list of risks and tips for your personal and business cyber security. You can read more in the blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business. While you are there, be sure to sign up for our blog email updates, that way you are always up to date on the latest scams that could be targeting your inbox or favourite website.
Owner-CEO at OysterLux//Consultant at Humpty Doo Barramundi & Abalone Council Victoria
9 years ago: This is such valuable information, thank you Craig