Today's post is about a special type of spam email, the most dangerous kind of emails you will occasionally receive. They are technically known as phishing emails. But in plain English they are scam emails. They try to get your bank account details without your knowing. They try to get your very valuable personal details in ways that seem legit. They try to force you to do things you normally wouldn't do by using a mixture of threats and enticing promises.
I am going to help you easily identify such emails. In fact, I will show you two of such I received lately and walk you through the visual cues that should signal danger ahead.
Scam Email 1
Noticed the email I highlighted in the screenshot above? It's from the US Ambassador to Nigeria.
Whenever you receive an email whose sender name is that of someone in a high political position then you should get a red flag. Open the email with caution. Don't be quick to click on any links within it or reply the email.
Let's take a look at the content of the email the US Ambassador sent me.
See all the parts of the email I highlighted? They are all the signs of a phishing (scam) email.
- The sender email is not from a recognizable USA government domain. (Some will even use a yahoo email.)
- There is a reply-to email that is linking to a yahoo.com.ph email account. Another red flag.
- There is too much personal details in the mail. No important person will give this much information to a stranger in one email.
- The email body is terribly constructed. You can't even format a job application email like this and expect a favorable reply. Looks like it was composed by a 6 year old. Or the man in The Gods Must Be Crazy
- My name wasn't mentioned anywhere in the email and I was not expecting any mail from the US Ambassador. So this is definitely a mass email.
- Your bank has your personal details. Never treat an email from a bank that addresses you as "Dear valued customer" as worth taking any action on. Even when you call your bank's customer care, the first question you are asked is to confirm your full name.
- The link I am told to click on is not First Bank's website link.
- On a general note, never take any threat or call to action communicated to you by a bank via an email seriously. Always call your bank first to verify, Notice the threat of locking my token.
- They want you to reply. Like the one purportedly from the US Ambassador. Phishers have their own sales funnel. They blast emails to a large list of people and the people who reply get moved to the second stage of their phishing scheme. It doesn't matter if your reply is a threat to them to stop spamming you. If you want to prove that you are not going to fall for their scheme don't do so by replying just delete their emails.
- They want you to click on a link in the email body. Don't ever click the links in a scam email. Not even out of curiosity. A lot of things can happen once you click that link. You computer can get infected with a malware. The least terrible thing that can happen is that you are taken to a website that looks like your bank's website and asks for your login details. And that is still very terrible. Safe to make it a rule to never click a link in an email you were not expecting.
- They want you to provide valuable personal details. Either in form of a reply to the email or by filling a form that the link in their email body directs you to.