If you’ve recently received an e-mail from your long-lost uncle who happens to be a king in a far-off land leaving you an inheritance, a Government Revenue Agency asking you to wire money or risk being arrested, or Microsoft asking you to re-set your password, you’re probably a target for hackers. These hackers are likely data mining so they can tap into your identity and finances.
It has gotten more difficult to identify those phony e-mails as the hackers have matured their creativity and leveraged new technologies to engage you. So how do you know if the e-mail you received is fake?
WHY ARE THEY CONTACTING YOU?
The first question you need answered is why anyone wants to send you an email with false information. The short answer is that they are phishing.
Phishing is a term that means they are “fishing”. They are casting a line into the lake and dangling some bait to see if you bite. Once they have your information, they will either use it to access your account from that targeted e-mail and/or to test your other accounts as people often re-use passwords across multiple accounts.
HOW DO YOU RECOGNIZE A FAKE OR PHISHING E-MAIL?
The most important tool in your battle to protect your identity and accounts is you. It also helps if you develop good on-line habits, which includes the bell going off inside your head that acts as an early warning when you’re going through your e-mail. While some e-mail programs try to catch suspicious e-mail and flag them or move them to a junk folder, they’re not perfect. In fact, sometimes the programs move legitimate e-mail before they move fake ones.
Here are a few things you can look for:
Do you recognize the person sending you the e-mail? If you don’t, don’t click on any links or take any action until you can verify that it’s a safe sender through whatever investigation you can do. Sometimes you may recognize the sender, but were you expecting anything from them? For example, if uncle John sends you an e-mail with the subject, “The Documents You Asked For” and you weren’t expecting anything from Uncle John, it’s probably a phishing exercise.
The trickiest one is when you recognize the sender and you are expecting something, but even then, there are signs to look for that tip you off.
Here is an example of a phishing email allegedly from the Canada Revenue Agency. If you’re receiving it during the February to April time frame that certainly makes it feel more legitimate because that tends to be when people file their income tax. The header of the e-mail also looks like it is legitimate too, but is it? One way to check is by opening a browser and looking for the actual web address of the sending organization. In the case of this example, the real home of the Canada Revenue Agency is: https://www.canada.ca/en/revenue-agency.html and so that’s your first clue that the rest of the e-mail may be suspicious.
When it comes to a sender, there is also one last obvious question you can ask yourself and that is, “Would this sender be using e-mail to communicate the contents of this e-mail to me and would they be clear about what they’re contacting me about”?
The subject often has clues in it too. In the example above, it reads, “Ref: About your…” It begs the question, would the CRA send you an e-mail with a subject that is so obscure? Probably not. So, the subject plays a key role in helping you identify the legitimacy of the request.
In the four short lines of this e-mail header there are at least two clues to help you identify a fake e-mail, but it doesn’t end there.
Looking at the content without opening any attachments can also yield some clues. If we have a look at the content of the fake Canada Revenue e-mail, what clues could we find?
Let’s start with the “case number”. Were you ever given a case number? Arguably, it could be new, but still, it is something that raises concern.
Next is the amount of the noted refund. Whether you did your own taxes or had a professional do them, you would likely know the amount that is being refunded and you can look to see if that amount and the one in the e-mail match.
The last thing in the content of this e-mail that checked out was the name of the form. There really is an NR7-R type of form, but the suspicious part is why the sender would e-mail you the instructions on how to fill it out, but not the form!
The bottom lime is that if they’re asking you to click on something and you have all these suspicions, don’t click on the link. So, what do you do?
GETTING RID OF THE JUNK
The easy thing to do is delete it and empty your e-mail trash folder. Many e-mail programs, like Microsoft Outlook provide tools that allow you to block the sender, mark it as spam, or get into the details of junk e-mail options. There are also several advanced third-party email spam applications you can purchase, but those typically add another layer of unnecessary complexity to your home use experience.
My best advice for home users is this:
1] Keep up to date with common e-mail scams. Local news and online sources often publish information on major scams.
2] Use some of the tips in this article to question the validity of the e-mail you receive and what some of the steps to identify phishing.
3] Talk to friends and family to see if they have received anything similar.
4] Report phishing e-mail scams through whatever software you’re using as there will often be the option to do that.
You can also take advantage of the NordVPN discount offer through this page, which is another great tool in the battle against hackers. Lastly, you find additional reading material on computer hackers, phishing, and scams that will help develop some of your question asking skills, and maybe have a little fun while you're doing it.