Email Scams

  1. If you do click a link to a site you trust, check the address bar. In your browser, there's the line, usually at the top of the window, that shows the address of the site you're looking at. In my browser, it looks like this:

    Address Bar

    As you can see, this paypal link I clicked goes to, not the real paypal site. I've personally seen links like this referring to ebay, and I'm sure there are others.

  2. A more ambitious approach is to check the link before you click. Many email programs offer you a way to look at "unrendered", or plaintext, versions of their messages. In Apple's Mail application, it's called "Raw Message Source", in the View menu. Other mail programs will vary, but if you can look at the nasty HTML text that composes these emails, you'll see links that look like this:

      &lt;a href=""&gt;

    Here you can see the link is made to look like it goes to paypal, but the actual link, the href portion above, points to a fake site, Devious.

    Web-based email accounts (like hotmail and yahoo) make this step a little easier. Put your cursor over the link, but don't click. Look in the status bar at the bottom of the browser window (at least, that's where it usually is), and you should see where the link goes. Make sure it goes where it's supposed to before you click. Some email applications may have this as well, although mine does not.

  3. Your service will frequently have had people reporting these bogus emails to them before you see it. Not always, but often. It's always worthwhile to look at the home page of the company to see if they offer any security or scam alerts. The big ones, like paypal, ebay, online banks, yahoo, hotmail, and others, have posted alerts when they find out things like this are happening.

Unfortunately, email is not something we can trust implicitly. As Mad Eye Moody (the imposter of that character, actually) said in the Harry Potter book: "Constant vigilance!" When dealing with sensitive information, and email attachments, you have to be very careful to avoid compromising either your computer, or your personal information.

Fortunately, it's really quite easy to do. If you're working with us already, we're happy to help you step through your email application (including web-based email) so you'll know where to look in your individual setup.

One final note.

I received my first credible scam email last week, from a company pretending to be ebay. Tonight I received one from a paypal scammer, and I sat down to write this article.

Looking at the raw source of tonight's message, I saw this:

<LINK href="PayPal Email Scam - Web Site Version_files/fit.css"
type=text/css rel=stylesheet>

"Paypal Email Scam - Web Site Version files". Do you think that's why my spam filter was able to catch this one? It pleases me that these scammers are still kind of dumb, even if they're somewhat clever.

Comments are closed on this post to keep spammers at bay. If you want to chime in, please email or send a tweet.