Spam email has always been a nuisance, but now it’s now becoming dangerous. It’s being used to steal billions of dollars a year from unsuspecting people like you and me. While I think I’m pretty good at detecting fraud, I’ve been fooled a few times, particularly when the email contained personal information that made me think we had a previous business relationship.
There are numerous approaches these scammers take: convince you to send money, direct you to a fake site, install malware on your computer to steal information, or use your computer to initiate spam attacks on others.
The key is to avoid clicking on attachments or responding in other ways to their solicitations. While many of the emails can look convincing, since it’s so easy to copy and past legitimate logos and photos from real sites, looks are usually deceiving. Recent scams include sending invoices from the Geek Squad, Pay Pal, and eBay, asking to pay missed tolls from toll road agencies, and requests from banks for account information. While all these scams vary, there is one point in common among all of them, a fake sender’s address.
Depending on the email and settings, the sender’s email address is often not visible when you look at the email, but it’s easily seen by moving your cursor over the person’s avatar (the image or initials of the sender’s name on the left of the sender’s name) or over the sender’s name. Similarly, on a phone, just touch that point on the screen.
More often than not the email is a name with a bunch of numbers that bears no relation to a business. Here are some examples:
uqakqyy@pfgbjqzg.cancelled.immediateattentiontypes.jp.net
oppo18193@godaddysupport
axel.sepulvedax420@jaliscoedu.mx
john.doe1234@secure-payments.biz
ritttfg1357644@gmail.com
Sometimes scammers try to impersonate legitimate companies but use slightly altered addresses. For example, instead of support@paypal.com, they might send from support@pay-pal-security.com. Always hover over the sender’s name to reveal the full email address and verify that it matches the official domain of the company.
For example, this was one of dozens of spam emails that appeared in my inbox yesterday, and one that was not detected by gmail as spam;
When I opened the email it was an ad for offline storage in the cloud. (Clicking on an email from a list view to open the email is safe to do.)
It could be an attempt to sell me something that would never be delivered or to access my personal information if I did used their storage.
When I moved my curser over the face in the email, this is what appeared.
The address website “@sma.belajar.id” above bears no relation to a company that sells storage or is even a legit business. But sometimes spammers are more devious and use an email address that looks authentic. Examples are names with extra numbers or letters (customerservice@amazon01.com), misspellings (support@appple.com instead of support@apple.com), or unusual characters (info@bank_security.com), etc. So examine the address carefully.
Assume an email from a corportation using a free email service is fraudulent. Examples include GeekSquad100@gmail.com, applesupport12@gmail.com, paypalservices@gmail.com, and support_amazon@outlook.com. Essentially all reputable companies that contact us use their own domains, not free email services like Gmail, Yahoo, or Outlook. Examples are
You can always copy the email address and paste it into Google. If others have reported it as spam or a scam, you’ll likely find warnings about it.
Government agencies and banks don’t send emails from personal accounts. If you receive an email from a supposed IRS or bank representative using a Gmail or Yahoo account, it’s almost certainly fake. You should never be afraid of not responding to an email. Ignoring a legitimate request will not get you in trouble.
Spammers often use fear to pressure us into taking immediate action. They may claim your account has been compromised or that legal action is pending unless you click a link or provide personal details. Legitimate organizations rarely send such urgent emails without prior notice. If in doubt, visit the company’s website directly instead of clicking any links. Often spam emails contain grammatical mistakes or spelling errors. That’s a red flag.
Spam emails sometimes contain attachments disguised as invoices, receipts, or security updates. Clicking on these attachments can install malware or ransomware on your device. Never open or download attachments from unknown senders.
Legitimate companies will never ask for sensitive details like passwords, Social Security numbers, or credit card information via email. If you receive such a request, it’s a scam. And ignore any email reporting on the condition of your computer, such as low memory, detected viruses, etc. They have no way of knowing the condition of your computer.
If something feels off, it probably is. Scammers rely on urgency and confusion to trick people. When in doubt, take a moment to verify the information before responding. By staying alert and following these simple steps, you can keep your inbox safe and avoid falling victim to spam and phishing attempts. When in doubt, always verify before you click!
As was completing this column, I received an email shown below.
I initially thought it was spam. But I checked the email address and saw it was from a site tremendous.com. Mmmm, that could be a legitimate company because it’s a single name. I went to the website. www.tremendous.com and found it was a legit site of a company that does market research and issues payouts. But I had no recollection of ever working with the company. Then I recalled I had participated in a survey of Lexus EV owners and was told I would be paid a token amount for participating.
