We have recently seen a variety of scam emails being sent out pretending to be legitimate services, notably Netflix and Barclays Bank. Here you can read a brief overview of how these scams work and also discover some tips on how to protect yourself.
Online Services Impersonation
Scammers often impersonate popular services such as Netflix, Apple App Store and Amazon Prime, hoping that their recipients use one of these services. They then use either enticing offers or scaremongering tactics to steal, or ‘phish’, users’ credentials or even money.
For example, a scam email claiming to be from Netflix may offer reduced monthly rates that, if real, would be hard to pass up, especially if you were already a paying customer. An example of scaremongering is an email that appears to be from Apple, with a fake invoice attached saying that the user has been charged a large sum of money for an application. Often this will be accompanied by a link to cancel the order and receive a refund, which is in turn an attempt to phish for details.
These scams are unfortunately very successful for the reason mentioned above: scammers fraudulently use the names of popular online services to trick users.
Again, scammers will frequently use popular banks’ names, such as Barclays, Santander or HSBC, to target users in the hope that they use their chosen bank’s services. These scams most often use scaremongering tactics to phish for credentials, claiming that users’ accounts have been temporarily locked or that a large sum of money has been withdrawn.
The majority of the time these emails will ask users to confirm their identity by submitting sensitive information such as the long card number, expiry date and security number.
Users will often be informed that they will be unable to send or receive payments or withdraw funds until the request has been actioned. Money is a big factor in everyday life and these services are needed on a day-to-day basis, so when scammers use these types of scaremongering tactics, victims often forget to think twice before handing over their details.
How do I spot a fraudulent email?
Scam Email Example
1. From Address
Always check the from address. Often this will look to be genuine but may be forged or ‘spoofed’.
For example, our support email address is firstname.lastname@example.org and a fraudulent email could be email@example.com. At first glance the second one could be genuine. However, gemnar.co.uk is not the correct spelling.
Sometimes the display name appears to be correct. In these cases, you can click on the display name to reveal what address the email was sent from. For example, the display name may be ‘Barclays Bank’ but if you were to check the address it would be from ‘firstname.lastname@example.org’.
2. Addressed Recipient
Legitimate services will always contact customers by addressing them with their real name. Fraudulent emails in most cases do not.
If an email starts with ‘Dear Customer’, ‘Dear User’ or ‘Dear email@example.com’, this should be a sign of a fraudulent email.
3. Message Content
Scam emails will usually contain grammatical errors or incorrect punctuation. Another thing to look out for is unusual-looking logos – low quality or unusual proportions are a common giveaway.
Hyperlinks or attachments are almost always present in scam emails. The majority of the time these will, at first glance, appear to link to a legitimate website or attachment. Hover your cursor over links and images to see where they actually lead.
When in doubt always navigate to the website yourself to check for invoices or changes to your account – never use the supplied link.
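The three checks above (From address, greeting, link target) can also be run automatically as a first-pass triage. The following Python function is an added example, not code from the original article; the brand name, the `.test` domains, the 0.85 similarity threshold and the sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: allow-list mapping brand display names to their real sending domain.
KNOWN_SENDERS = {"example bank": "examplebank.test"}
GENERIC = re.compile(r"^\s*dear\s+(customer|user|\S+@\S+)", re.I | re.M)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of a URL, or of bare link text such as 'examplebank.test/login'."""
    return urlparse(url if "//" in url else "//" + url).hostname

def check_email(raw):
    """Return warning flags for a single-part HTML message (simplified parsing)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    flags = []
    # 1. From address: brand display name on a foreign domain, or a near-miss spelling.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and domain != expected:
        flags.append("display-name-mismatch")
    if any(domain != good and SequenceMatcher(None, domain, good).ratio() > 0.85
           for good in KNOWN_SENDERS.values()):
        flags.append("lookalike-domain")
    # 2. Addressed recipient: generic greeting instead of the customer's name.
    if GENERIC.search(re.sub(r"<[^>]+>", "", body)):
        flags.append("generic-greeting")
    # 3. Message content: visible link text names one host, href goes to another.
    for href, text in ANCHOR.findall(body):
        shown = host(text.strip())
        if shown and "." in shown and shown != host(href):
            flags.append("link-mismatch")
    return flags

# Constructed sample message (not a real email).
SAMPLE = """From: Example Bank <support@examplebnak.test>
To: alice@example.org
Subject: Your account has been temporarily locked
Content-Type: text/html

<p>Dear Customer,</p>
<p>Confirm your identity at
<a href="http://login.verify-account.test/">www.examplebank.test</a></p>
"""
```

Calling `check_email(SAMPLE)` flags all four indicators; a message from the allow-listed domain that greets the customer by name and links to the host it displays returns an empty list.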
Note: This type of email fraud is not normally picked up by anti-SPAM or other filters as the email itself is genuine in nature. Therefore, we are very much reliant on staff being vigilant and aware.