Q: Last time you started a list to help me decide whether an email message is safe to open. I can’t wait to hear the rest of the list!
A: Yes, last time I gave you the first five ways to tell that an email is not legitimate. Let’s continue:
- You didn’t initiate the action: Just yesterday I received an email message informing me that I had won the lottery. The only problem is that I never bought a lottery ticket. If you receive a message informing you that you have won a contest that you did not enter, then you can bet the message is a scam.
- You are asked to send money to cover expenses: One telltale sign of a phishing email is that you will eventually be asked for money. You might not be asked to fork over the cash in the first email, but sooner or later a phishing artist will likely ask for money to cover expenses, taxes, fees or something similar. If that happens, then you can bet it’s a scam.
- The message makes unrealistic threats: Although most of the phishing scams attempt to trick people into giving up cash or sensitive information by promising the victim instant riches, other phishing artists try to use intimidation to scare the victim into providing the information. If a message makes unrealistic threats, then the message is probably a scam.
Let me give you an example: I received a very official-looking email that was allegedly from my bank. Everything in the email seemed completely legitimate except for one thing: The email said that my account had been compromised and that if I did not submit a form (which asked for my account number) along with two forms of ID, then my account would be canceled and my assets seized.
I am not an attorney, but I’m pretty sure that it’s illegal for a bank to close an account and seize assets simply because the account holder did not respond to an email message. The amusing part, however, was that the only account I had with this bank was a car lease. There were no deposits to seize because I did not have a checking or savings account with that bank.
- The message appears to be from a government agency: Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes phishing artists will send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about anything else that could scare the average law-abiding citizen.
I cannot tell you how government agencies work outside the United States. In America, however, government agencies do not use email as the initial point of contact. That isn’t to say that law enforcement and other government agencies do not use email — of course they do. However, law enforcement agencies follow certain protocols. They do not engage in email-based extortion.
- Something just doesn’t look right: In Las Vegas, casino security teams are taught to look for anything that JDLR (as they call it). The idea is that if something just doesn’t look right, then there is probably a good reason why. This principle applies to email messages as well. If you receive a message that seems suspicious, then it is usually in your best interest to avoid acting upon the message. If you’re not sure, for instance, that the message came from your bank, call your bank to verify its validity. Your bank will be happy that you told them of the email and may actually take action against the sender, if they can.