The difference between scam, hoax and phishing emails

Online hoaxes are becoming more sophisticated, making it very difficult to identify whether an email, SMS or website is real and genuine. It’s important to learn how to spot the fake emails so you and your business stay safer online.

There are many different types of scam emails out there. Here are the 3 main types of suspicious emails which you may hear about or encounter:

Scam Emails

Scam emails often include “too good to be true” offers, such as lottery wins, surprise inheritance and unsolicited job offers. People and businesses may also receive emails requesting payment for products or services they did not purchase. You’ve likely never heard from the sender before, but the email will try to imply a connection.

The objective:

To use a false affiliation or unbelievable offer to trick you into giving them money. Often will try to encourage you to reply to the email.

How to tell if an email is a scam:

• You do not know the sender (even if their email suggests they know you, you can’t recall the affiliation).
• The email presents an unrealistic promise or offer.
• The email requests payment for a purchase you did not make.

How to protect yourself from scam emails:

• If the sender, product or service doesn’t seem familiar, ignore or delete the email. Do not reply.
• If you have received an email requesting to renew a product or service, always make sure that it is for a service you genuinely signed up for.
• If it sounds too good to be true, it probably is!

Hoax Emails

These emails are disguised as communications from a trusted source, such as a bank or known affiliate like Booking.com. It may contain their branding or even replicate their common email format.

The objective:

To convince the recipient that the email is from a trusted source, in order to obtain payment details or confidential information.

How to tell if an email is a hoax:

• The “from” name may state that the email was delivered from the trusted source, but the email address will be slightly different. If it’s not from an email using their official website domain you should be on high alert. An example of this would be an email coming from invoice@booking-ltd.com instead of invoice@booking.com.
• Incorrect logos or slightly different design.
• Generic salutation such as “Dear Sir or Madam”, or use of the business name instead of addressing you personally. Banks and genuine affiliates will know your name.
• If the reason for the email is a surprise, such as an overdue payment reminder when your account is up-to-date.

How to protect yourself from hoax emails:

• When logging into a trusted website, always look for “https” at the beginning of the URL. The “s” stands for secure.
• Check for the padlock symbol in your browser’s address bar. This also means the website is secure.
• Make sure the URL is genuine. Hoax emails often link to a hoax website with URLs similar to the real one, but different.
• Enter website URLs straight into your address bar. Don’t reply on links within emails as they could be fake.

Phishing Emails

The people behind phishing emails are experts in manipulation. They will use urgency to convince you to open a deceptive link or attachment before you have time to consider the consequences. An example of this would be an email with the subject line “FINAL NOTICE – IMMEDIATE PAYMENT REQUIRED” containing minimal description and referring to an invoice attached. Without hesitation many will open the attachment to see which payment is overdue, but instead it allows software to be installed on your computer. They may also include a link to a malicious website with the same outcome.

The objective:

To use pressure and quick emotional responses to trick the recipient into making a payment, visiting a malicious website, or to open an attachment containing a virus or spyware.

How to identify a phishing email:

• Urgent or upsetting statements demanding your immediate reaction.
• Requests for payment or your financial/personal information.
• They often use a generic greeting in their emails, such as “Dear user”.
• Wrong or out-of-date logos or design

How to protect yourself from phishing emails:

• Always check the “from” name and email address. Never open attachments or click links from senders you do not know and trust.
• Beware of false links. Just because the text says “www.google.com” does not mean that it will direct you to Google. For example, here I have created a link with text facebook.com which instead goes to Twitter when clicked. Always hover your mouse over links to see the true destination before clicking. If the address looks suspicious in any way, do not click!

What other types of malicious emails have you received? Tell us about them in the comments so other readers can be warned to look out for them!