Introduction

Recently at Betonicah, we've had multiple clients reach out to us about suspicious emails they've received through their websites and personal emails. With a rise in online scams, it's important to know how to spot them and what to do if you receive one. We've put together some helpful tips to help you stay safe online.

What is a Scam Email?

In the simplest terms, a scam email — often known as a phishing email — is a fake email that tries to trick you into giving up sensitive information like passwords or credit card numbers. It usually disguises itself as coming from a place you'd trust, like your utilities, governments, social media accounts, banking insitutions or even a colleague.

How to Spot a Scam Email

Fortunately, there are some telltale signs that can help you spot a scam email. Here are some of the most common red flags:

1. Strange Email Address: Check the From field carefully. A mismatch between the sender's name and the email address is a red alert.
2. Typos and Grammar Mistakes: Real companies have quality control. If an email is littered with errors, it's likely not legit.
3. Unexpected Attachments and Links: Always be cautious about clicking links or opening attachments, in fact, unless you are 100% certain they are safe, don't click. Attachments can contain malware, and links can lead to fake websites that will steal your information. Hyperlinks can be disguised as legitimate URLs, so it's important to hover over them to see where they actually lead. When in doubt, open a web browser and type in the proper link manually.
4. High Pressure and Scare Tactics: Legitimate companies won't rush you into making decisions that could lead to mistakes. An email pushing for urgent, immediate action should be considered suspicious.
5. Asking for Personal Information: No genuine company will ask for sensitive information through an email or text message. If you're unsure, contact the company directly. Also, companies and services such as your bank will never send you unsolicted codes to log in to accounts.

Realworld Example Breakdown

Let's take a look at a real-world example of a scam email. This email was sent to a client of ours, and it's a great example of what to look out for. While it may (but not really) look legitimate at first glance, there are some clear red flags.

The first thing to notice is what email its being sent from. The email address is not from the company it claims to be from. For Shaw, an ISP in Canada, the email address would likely be something like @shaw.ca. This email is from a suspicious looking comcast.net email which is not a legitimate Shaw email address.

Next, right below that you can see the send-to email address is 'service@web.ca' and not your email address. This is a clear sign that this email was sent to multiple people and is not a personal email.

Getting into the body of the email, you can see that there are multiple punctuation and grammar errors. A legitimate company would not send out an email with this many errors. The logo is also not the offcial Shaw logo and is a low-quality image.

Finally, the link provided to "update your account" doesn't actually lead to the Shaw website, but instead to a suspicious looking website. You can preview where the link goes by hovering over it. This is a clear sign that this email is a scam. When you navigate to the suspicious website, it's actually a clone of the Shaw sign-in page designed to steal your login information. The fake website can be seen in the picture below! If you didn't notice the URL, you might not realize that you're not on the real Shaw website.

What to Do if You Receive a Scam Email

If you receive a scam email, here are some steps you can take to protect yourself:

1. Avoid Interaction: Do not click any links or download attachments.
2. Mark as Spam: Use your email service's spam option to get the email out of sight and help your provider recognize it in the future.
3. Log in Directly: If the email claims to be from a service you use, such as your bank or PayPal, open a web browser, type the address manually and log in directly to check if the email's claims are true. This bypasses any trickery the email might be attempting.
4. Report: If the email impersonates a real company, let that company know. They may be able to take action and warn other customers.

Conclusion

While scam emails are a growing problem, fortunately, with a little awareness and caution, you can safely avoid all of them. If you're ever in doubt, remember to take a moment to check things out before you act. Stay safe out there!

Feel free to share this blog post with friends, family, and coworkers to keep everyone's online data secure. Understanding how to dodge scam emails is key to protecting both individual and professional data.

Still not completely sure? We can help.

‍