How to identify a scam email

by Marco Tapia


July 24, 2019

Only click links from trusted senders. A simple trick is to hover your mouse over the link to check the destination in your browser; if it doesn’t match, then it’s not legitimate.

If you are not sure, type the URL of the organisation you are intending to visit manually into your browser or navigate through Google search to find the correct website before entering your credentials.

Never open an attachment that seems suspicious, as files from unknown senders often contain malware or viruses.

Take a close look at the email address of the sender – even if it looks legitimate, there are signs that can show it has been forged.
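
The two checks above (where a link really goes, and whether the sender's address matches the name shown) can be automated for a raw message. This is an added example, not part of the original article; the sample email, the function names and the `.example` domains are constructed for illustration, and `paypal.com` is assumed as the trusted domain.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); the .example domains are placeholders.
SAMPLE = """From: "PayPal Service" <service@paypa1-alerts.example>
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.paypa1-alerts.example/verify">https://www.paypal.com/account</a></p>
<p><a href="https://www.paypal.com/help">Help centre</a></p>
"""

def host_of(text):  # hostname of a URL or bare domain, leading "www." dropped
    if " " in text or "." not in text:
        return None
    host = urlparse(text if "://" in text else "http://" + text).hostname
    return host.removeprefix("www.") if host else None

def on_domain(host, domain):  # host is the domain itself or a subdomain of it
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):  # gathers (visible text, href) inside each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = (dict(attrs).get("href") or "").strip()
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def check_email(raw, brand, trusted_domain):  # warnings for a message claiming to be `brand`
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]).lower())
    spoofed = brand.lower() in display and not on_domain(addr.rpartition("@")[2], trusted_domain)
    findings = [f"sender: name says {brand}, address is {addr}"] if spoofed else []
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)  # what you read vs. where it goes
        if shown and actual and not on_domain(actual, shown):
            findings.append(f"link: text shows {shown}, goes to {actual}")
    return findings
```

Calling `check_email(SAMPLE, "PayPal", "paypal.com")` reports both the forged sender and the link whose visible text does not match its destination, while the ordinary "Help centre" link is left alone.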

Other scams to watch for:

The scam sends a message telling intended victims that a new email address has been added to their (for instance) PayPal account and gives them the chance to make it their primary address or to report the email if it has been added by mistake.

“If you didn’t add this email, let us know right away. It’s important because it helps us make sure no one is getting into your account without your knowledge,” it reads.

Unsuspecting recipients who click on the “let us know right away” hyperlink are taken to a convincing copy of the PayPal website where they are asked to log in using their email or mobile number.

After clicking “next”, the user is led to a similar page that prompts them to enter their password.

Subsequent pages ask intended victims to update their billing address and credit card information before being redirected to the actual PayPal website.

“E-commerce companies such as PayPal commonly hold a well-established and trusting relationship with customers, so when cybercriminals are looking for good trademarks to use in their email attacks they often brandjack companies like these,” email security service MailGuard said.

“Several techniques have been employed in this email to look like a genuine notification from PayPal, including the usage of high-quality graphical elements such as the company’s logo and branding.

“Another technique is the attempt to evoke urgency; telling the recipient to ‘let us know right away’ creates a sense of anxiety and panic that their account isn’t safe.”

Other scams to watch for:

Google Calendar Scam: Exploits a default feature which gives the ability to add invitations and events automatically to calendar apps unless turned off manually.

NAB email scam: Customers receive an email painstakingly formatted to look like an official correspondence from the bank, with the body explaining the last BPAY payment has been put on hold.

ANZ email scam: Disguised to look like it has been sent from an official ANZ email and advises customers their “internet banking access has been temporarily locked”.

Queensland Police ATO scam: Scammers use the trusted phone number of a government department and impersonate an employee to advise the victim they have an outstanding fine or fee that must be paid.

Australia Post scam: Attempts to redirect the victim to a fraudulent Post Bill Pay website where their credit card details could be stolen.

Netflix scam: Email scam gives the appearance of being sent from the streaming service and advises Netflix has been blocked because of a problem with billing.

ATO email scam: Exploiting the well-established reputation of the government agency, the email scam tells the recipient the ATO is trying to contact them in regards to an undisclosed matter.

Telstra phone scam: Man hit with more than $10,000 in charges after scammers opened 10 mobile accounts in his name without his permission or knowledge.

Fake Indian call centre scam: Telstra customers are being warned over an Indian call centre scam attempting to trick victims into handing over sensitive information that could be used for identity theft.

NBN robocall scam: Sophisticated NBN robocall phone scam has been targeting areas of the country where installations are currently underway.

Energy Australia scam: Email scam uses the large database and established brand credibility of EnergyAustralia to lure victims into downloading a malicious file.

Optus email scam: An email purporting to be from Optus tells the recipient a document is available for them to download. Once clicked, their computer is infected.

Valentine’s Day scam: Romance scammers actively engage with victims, slowly building an online relationship before asking for money.

Telstra email scam: Email-based cyber-attack uses Telstra branding to trick customers into clicking a link that can infect their computer with a malicious file used to steal information.

Netflix email scam: Email tells users their account has been suspended in an attempt to trick them into clicking a link which leads to a Netflix-branded phishing page used to steal personal information.

Apple Store email scam: The phishing scam involves an email purporting to be from Apple Store, which informs customers they have a PDF receipt from a recent purchase.

ATO phone scam: Phone calls claiming to be from the ATO attempt to fool people into handing over money by claiming they are about to be arrested over unpaid taxes.

‘SIM swapping’ scam: Hackers can gain access to your bank account, email and social media with just a simple phone call to a mobile operator.

Post-storm roof scam: The men knock on the door of Australians after wild weather and say the roof must be replaced as it’s about to cave in. One lady handed over $156,000 for work that did not need to be done.

Police phone scam: Scammers are posing as police officers to try and dupe people into handing over financial information.

Ransom email scam: Scammers are sending ransom emails containing terrifying threats designed to frighten people into handing over their money.

Telstra email bill scam: A legitimate-looking email bill that directs users to a malicious website that will deliver malware to their computer.

Facebook scam: Users receive messages from the accounts of friends and family, telling them they can win money by clicking on a link that will infect their computer. The message is from a scammer who has hacked your friend’s account or created a “copy” profile by stealing their images and information.

Wealthy suburb scam: An elaborate scam saw a man hand over a $40,000 car without receiving a cent.

Source: Nine Digital Pty Ltd 2019 https://www.9news.com.au/technology/paypal-email-scam-attempts-to-steal-the-confidential-data-of-users-news-update/208c5588-4b81-472e-81c7-42c89e625547

https://www.nine.com.au/