Holiday Email Hoax Reminder
As if the year can’t get any crazier, I’ve experienced more sophisticated hoax emails than in years past. Many target the services and products we rely on or seek during the holiday season.
If you haven’t noticed, it seems more emails are being sent for the holidays this year. This is primarily due to Black Friday, Cyber Monday, and other sales and specials to encourage online shopping. Now there are sales and more sales well before and even after the regular dates. This past couple of weeks, my inbox has been evidence of that.
Holiday Emails and Scammers
I don’t know about you, but I was to the point that I just started deleting anything that had Black Friday or Cyber Monday in the title. And I’ve unsubbed from those who sent so many it was annoying. It was becoming exhausting…
With all that extra activity combined with more folks purchasing online, hoaxsters know how to take advantage of the fact that you are pressed for time, overwhelmed, or not paying attention as you should.
Hoax emails are commonly disguised as order confirmations, financial alerts, and “feel good” forwards so that they can be more easily propagated. Phony order or invoice emails that claim to need your immediate attention look just like the real thing.
Your first instinct is that something isn’t right, but the phrasing seems to imply this is something you need to check out. Right now!
Pause and take a breath first.
First, let’s check out the little details.
Before forwarding any email or clicking on any links or attachments that claim to be of importance, you need to vet that email. Ensuring it is not a hoax or a scam before reacting is worth extra effort.
This effort can prevent you from unknowingly installing malware or inadvertently providing payment or personal information you will regret later.
Don’t Click “Phishy” Links!
phishing: n
The practice of luring unsuspecting Internet users to a fake website by using authentic-looking email with the real organization’s logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a website replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords.
These scammers’ goal is to get you to click on a link or call a phone number. Do not click on any links or attachments until you verify the sender. Even if the email looks like it may be legitimate, you still need to double-check if the clickable links are valid.
No matter what the Subject: field states or the message implies, look at the underlying email address. Does it match what is displayed? Most likely not.
Hoaxsters have become pros at making emails look like they are from legitimate contacts or companies (UPS, Amazon, PayPal, BestBuy, virus software, financial institutions, etc.). They steal logos and images to look just like what you’d expect.
Before clicking on any link, hover your mouse over the link. Look to see what displays in the location bar of your email software. The visible text can differ from the underlying link in the background code.
When you can see where that link is directed to, you can immediately determine if the link could be trouble. But even with that, hoaxsters are very clever at making the underlying URL look legit(ish), too.
Here’s How to Investigate the Underlying Link Code
Let’s use Amazon as an example:
In the cases above, the only credible domains are when “amazon” is directly before the dot com or dot whatever. Noting “amazon” anywhere else is dubious at best.
When you see website URLs with the company name in them, don’t assume the domain is legit if it differs from what you usually see. Do not click on links and go directly to the website as you usually do.
The thing is, anyone can register a domain name. While you are not supposed to buy or use domains containing other companies’ brands and trademarks, that doesn’t stop the bad guys. They’ll use them until they get caught.
How do you determine if a URL is legit?
There was a time when you could see who owned a domain by looking it up. However, due to privacy concerns, in most cases, that information is now hidden.
When in doubt, go to the primary domain you usually use. Check your user dashboard on the legitimate site to see if any alerts or messages require your attention. No alerts? That email was most certainly a scam.
If you see a link that ends with the following — don’t click on it:
If you see anything tacked on the end other than a typical domain ending, that’s a “Danger, Will Robinson!!” moment. That email could lead to you downloading/executing a trouble-making script onto your system.
The last thing you want to do is forward emails that contain nefarious links that could cause the other side to click on them. By forwarding a hoax email, the recipients will naturally trust that you wouldn’t send them anything unreliable.
If you don’t want to take the time to confirm an email’s legitimacy, then you don’t forward it. Just hit delete.
Hoax Vetting and Info Websites
Back in the day, a handful of websites were truth detectors and hoax exposers. Now, only one that I see puts in a valiant effort. VerifyThis is the one website that isn’t overly influenced by ideology. If you know of other reliable hoaxbuster websites, please let me know so I can check them out.
I’m now off for the Holiday season. Wishing you all a Merry Christmas and the happiest of Holidays. See you next year!