How to identify scam emails
With so many emails coming in and out of our inboxes daily, it’s hard to identify which is a scam email and which isn’t. As online scams are getting more advanced, it’s important that we learn how to spot such scam emails for us to stay safer online.
We always think that we’ll never fall prey to scams, but they can happen to anyone of us. Hackers will try to steal your personal information in any way possible (e.g., email, phone, or chat message), and the most common of email scams is called Phishing Email.
What is Phishing Email?
It is a method that cyber criminals use to fraudulently obtain your personal and financial information such as your login details, bank account numbers, and credit card numbers.
They might look legitimate and email you containing links that may be asking you to verify an unauthorized transaction, review a payment, or access your personal information when clicked. If you suspect that you have received a phishing email, please DO NOT click on any link or attachment provided in the message.
How to verify if the email I received is a phishing email?
Please lookout for the following to help you identify if the email you received is a phishing attempt.
- Sender’s email address: Check if the sender’s email address looks legitimate, and belongs to the company’s official domain name.
- Sender’s company name: Always check if the company name and logo is correct.
- Website domain name: If the email asks you to click on a link, always check if the website you are redirected to belongs to the company’s official domain name.
- Broken grammar or misspelled words: Look out for misspelled words, bad grammar, bad sentence structure and inconsistencies in capitalization.
- Content of the email: Most companies will never ask you to share sensitive information (e.g., passwords, bank details) via email. If they do, please contact them to verify before sharing such information.
- Irrelevant content: The content of the email might not be related to your job-scope or the company’s line of work.
Case study of phishing emails
Case study 1: phishing of bank detail.
You can see that the sender’s name and email address is posbbank.com.sg. The actual domain name is posb.com.sg and dbs.com.sg
From the content of the email, you can also see some grammar and spelling mistakes.
When mousing over the URL in the email, the web link is directed to another unknown website that is not from posb.com.sg and dbs.com.sg.
Case study 2: Phishing of password on account warning.
Case study 3: Gaining access to your computer with email attachment
Please help us to stop phishing attacks and protect your personal and corporate data. For users, vigilance is vital, never click on any email links, to provide personal data, or execute attachment in the email that you are unsure.
Contributed by Roger Tham
Roger is a helpdesk engineer and passionate in Computer Networking and Cyber-security