Our lives are increasingly going cyber, and therefore, so is our personal data. Data breaches, including the Capital One breach in July that left 100 million customer accounts vulnerable, are becoming more common. In turn, fraud prevention is a perpetually hot topic.
But it isn’t always a hacker that gets access to our data. Sometimes it’s an Average Joe that takes advantage of the elderly or uninformed by using a tactic called phishing. Phishing scams come in the form of emails and telephone calls in which an individual pretends to be from a certain company to coerce someone into providing sensitive information, such as a social security number or credit card number.
Here’s an example of fishing that my dad received by email. It looked like this:
From: John Maryline [mailto:firstname.lastname@example.org]
Sent: Friday, February 16, 2018 1:21 PM
Subject: Your ATM Cards Released..
Attention: This is to inform you that we have agreed to release your fund valued at USD $5.8 Million which will come to you via ATM Cards. Please do re-confirm your information as below to avoid wrong delivery. Forward your information to the delivery office here: email@example.com and instruct them to send the card to you immediately.
Full Name (Receiver):_____,
Country of Resident: ______,
Office/Home Street Address: _____,
Nearest Airport: _____,
Mobile Phone Number: _____,
Identification papers (Passport copy or ID card) which you will present it before delivery is made: _____
Thank you for understanding and may God bless you.
Mr. Mark James
My dad sent Mr. Mark James / Mr. Maryline (did you notice that the top of the email identifies the sender as one and the signature line is that of the other?) the requested information and then forwarded the email to his entire company telling them that he quit.
No, my dad is not really an idiot.
My dad really did send the email to his company, but everyone knew he was kidding. And no, he didn’t really reply to the email he received from Mr. Mark James / Mr. Maryline.
There’s a sucker born every minute, as the saying goes, but good, smart people are fooled every day. Want to know how to identify a scam email? You should definitely learn. Why? Because in 2019, phishing accounts for 90% of all data breaches, and phishing attempts have grown 65% over the last year. To make matters worse, 15% of people who fall for a phishing scam will be targeted once more in the same year. .
Instances of fraud among the elderly are especially rampant, and the last thing you should do if your elderly parent or grandparent falls for one is to blame or shame them. Instead, you should be proactive in their education about fraud prevention.
Sid Kirchheimer, writing for AARP, interviewed Anthony Pratkanis, a social psychologist at the University of California, Santa Cruz. Pratkanis noted, “When protectors take over finances or lecture parents about their mistake, it plays right into the scammers’ hands by threatening the target’s independence.” In other words, as Pratkanis said, “[F]or scam victims to admit they were wrong means they’re stupid and unable to take care of themselves.”
Some scams are harder to detect than others, and some perpetrators are experts at what they do. Don’t blame the victim.
Instead, take a look in the mirror, because there are things you can to do protect them ahead of time from fraudulent scams. For example, as Kirchheimer counsels in his article:
If someone you care about falls victim, you or they can call the AARP Fraud Fighter Call Center at 800-646-2283. You message will probably be returned within 48 hours.
Some scams are harder to detect than others, and some perpetrators are expert at what they do. Still, some red flags make some scams are pretty obvious. For example:
Computer help desks do not have to ask you to read information from your computer screen if they are already monitoring your computer and calling you to tell you that something is wrong.
Banks, credit card companies and other financial institutions do not email you asking you to sign into your account using a link contained in the email.Or, an “important update on your account” will require you to update your personal information through a link. In these cases, it is probably best to pick up the phone and call your bank to verify the email and update the information by phone.
If you ever get an email like the one below, for example, you can be sure it is not really from Bank of America.
Fraudulent emails that purport to be from a company, by the way, rarely use email addresses that end with the company name. The one above, for example, was sent by someone using a “comcast.net” email address. Learning how to identify phishing examples takes practice, but some are easier to spot than others. For example, Bank of America can afford a custom email domain and will not send emails from domains such as Gmail, Hotmail, Yahoo or AOL.
Use a site like domaintools.com or my-ip-tools.com to find out who owns which domain name. Companies with domains ending in “.edu” or “.gov” are usually much more reliable than those ending in “.com,” “.org,” and “.net.”
Emails written with typos or bad grammar are most likely fraud. And if you’re buying products online, check the grammar on the seller’s product listings. Grammatical errors on product listings are a good sign that English isn’t the seller’s first language. While not all international sellers are scammers, be cautious and do a background check on the seller to confirm that they’re not selling you any counterfeit goods. If you want to know how to identify a scam email, start with a quick grammar check.
If a company emails you promising “big winnings,” like a free trip to Fiji or a free iPad, or if they ask you to “enter your email and password, so we can send you further information on how to collect your prize,” it is a scam.
The Secret Service offers these tips for determining telemarketing fraud:
First impressions are everything. If an email starts with “Hi,” “Hello,” or doesn’t refer to you by name, you should be cautious. If you are a Bank of America customer, for example, then it’s likely that Bank of America will greet you by name.
If an email signature doesn’t have proper contact details, then it may be a scammer. Reputable companies will leave their contact information, such as an office telephone number and extension. If the email just has a person’s name and a potentially fake title, you should probably reconsider.
You may have seen the Youtube videos of scammers that call random numbers pretending to be from the IRS or a sheriff’s department. They claim that the person is in trouble and must provide their bank account information in order to avoid arrest. Urgent and sometimes threatening messages or phone calls can be a major sign of phishing.
In addition, if an email has attached photocopies of account “evidence” or government documents, it’s important to know that photocopies are not legitimate forms of verification.
If you receive a phone call or email that you think is a scam, and if you have a few extra minutes, you may want to check out one or more of these resources:
In the end, if don’t know how to identify a scam email, or if you fall for a scam, don’t beat yourself up. Seek help immediately.
Think at least twice before sharing your personal information with anyone or clicking on any attachment to any email you may receive.
The best fraud protection is common sense. Consider freezing your credit and using credit monitoring and identity protection services; use very strong, long (and different) passwords on each of your financial accounts; and, when it comes to inbound calls or emails, follow that old rule: don’t talk to strangers.
[Editor’s Note: To learn more about this and related topics, you may want to attend the following webinars: Data Breach Response: Before and After the Breach and How to Build and Implement Your Company’s Information Security Program. This is an updated version of an article that originally appeared on March 6, 2018.]
A passionate environmentalist and animal rights' advocate, Sophie Friedland is dedicated to the idea that furthering these imperatives and being financially successful are not mutually exclusive. A college Freshman at the time of her first submission to Financial Poise, Sophie is Financial Poise's youngest-ever contributor.
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.