How To Spot A Fake Email: The Difference Between Scam, Hoax & Phishing Emails
Online hoaxes are becoming more sophisticated, making it very difficult to identify whether an email, SMS or website is real and genuine. It’s important to learn how to identify a fake email so you and your business stay safer online. From scams to hoaxes and phishing emails: there are many different types of fraudulent emails out there. Let’s start by taking a look at how they are defined as well as ways to help you spot them and protect yourself from falling victim to these increasingly sophisticated internet scam tactics.
Hoax Emails
These type of fake email is disguised as communications from a trusted source, such as a bank or known affiliate like Booking.com. It may contain their branding or even replicate their common email format.
Email Hoax Definition
According to Technopedia an email hoax is: “a scam that is distributed in email form. It is designed to deceive and defraud email recipients, often for monetary gain.”
The objective:
To convince the recipient that the email is from a trusted source, in order to obtain payment details or confidential information.
How to tell if an email is a hoax:
- The “from” name may state that the email was delivered from the trusted source, but the email address will be slightly different. If it’s not from an email using their official website domain you should be on high alert. An example of this would be an email coming from invoice@booking-ltd.com instead of invoice@booking.com.
- Incorrect logos or slightly different design.
- Generic salutation such as “Dear Sir or Madam”, or use of the business name instead of addressing you personally. Banks and genuine affiliates will know your name.
- If the reason for the email is a surprise, such as an overdue payment reminder when your account is up-to-date.
How to protect yourself from hoax emails:
- When logging into a trusted website, always look for “https” at the beginning of the URL. The “s” stands for secure.
- Check for the padlock symbol in your browser’s address bar. This also means the website is secure.
- Make sure the URL is genuine. Hoax emails often link to a hoax website with URLs similar to the real one, but different.
- Enter website URLs straight into your address bar. Don’t reply on links within emails as they could be fake.
Phishing Emails
The people behind phishing emails are experts in manipulation. They will use urgency to convince you to open a deceptive link or attachment before you have time to consider the consequences. An example of this would be an email with the subject line “FINAL NOTICE – IMMEDIATE PAYMENT REQUIRED” containing minimal description and referring to an invoice attached. Without hesitation many will open the attachment to see which payment is overdue, but instead it allows software to be installed on your computer. This type of fake email may also include a link to a malicious website with the same outcome.
Phishing Email Definition:
According to the Australian Cyber Security Centre, phishing is: “a way that cybercriminals steal confidential information, such as online banking logins, credit card details, business login credentials or passwords/passphrases, by sending fraudulent messages (sometimes called ‘lures’).
The objective:
To use pressure and quick emotional responses to trick the recipient into making a payment, visiting a malicious website, or to open an attachment containing a virus or spyware.
How to identify a phishing email:
- Urgent or upsetting statements demanding your immediate reaction.
- Requests for payment or your financial/personal information.
- They often use a generic greeting in their emails, such as “Dear user”.
- Wrong or out-of-date logos or design
How to protect yourself from phishing emails:
- Always check the “from” name and email address. Never open attachments or click links from senders you do not know and trust.
- Beware of false links. Just because the text says “www.google.com” does not mean that it will direct you to Google. For example, here I have created a link with text facebook.com which instead goes to Twitter when clicked. Always hover your mouse over links to see the true destination before clicking. If the address looks suspicious in any way, do not click!
Scam Emails
Scam emails often include “too good to be true” offers, such as lottery wins, surprise inheritance and unsolicited job offers. People and businesses may also receive a fake email requesting payment for products or services they did not purchase. You’ve likely never heard from the sender before, but the email will try to imply a connection.
The objective:
To use a false affiliation or unbelievable offer to trick you into giving them money. Often will try to encourage you to reply to the email.
How to tell if an email is a scam:
- You do not know the sender (even if their email suggests they know you, you can’t recall the affiliation).
- The email presents an unrealistic promise or offer.
- The email requests payment for a purchase you did not make.
How to protect yourself from scam emails:
- If the sender, product or service doesn’t seem familiar, ignore or delete the email. Do not reply.
- If you have received an email requesting to renew a product or service, always make sure that it is for a service you genuinely signed up for.
- If it sounds too good to be true, it probably is!
We regularly post alerts and advice to help protect your business so make sure you sign up to receive our blog posts and keep ahead of potential threats to your business data.
This article was originally posted on 24th June 2015 and has been re-published on January 17th 2021 with updated information.
Complete the form below to enquire about our products and services!
Other articles of interest:
Comments are closed.