How to Spot Fraudulent E-Mails


posted 9/2/2013 in Security & Fraud Information

Of the many different scams hackers use, the most recent has come in the form of fraudulent emails sent to community financial institutions. These emails deliver malware that allows the attacker to steal sensitive information from infected computers. These emails can be very sophisticated; many even appear to come from NACHA, the Electronic Payments Association. Fortunately, fraudulent emails, like bad poker players, come with “tells” that allow you to spot them. Here are a few telltale signs that emails you receive aren’t legitimate.

  • Typos and Bad Grammar - This isn’t because fraudsters don’t know how to spell. It’s an intentional tactic used to bypass email filters. If you notice spelling errors or poor grammar in a corporate email, be very suspicious. 
  • Awkward Greetings - Phishing emails often refer to the recipient by something other than the person’s name, or in a nonsensical way such as “Dear Client(s).” Treat such a salutation as a red flag. 
  • Sense of Urgency - Phishing emails often use urgent language, such as “for your own security” or “verify payment information immediately,” that encourages you to take immediate action. The fraudster is trying to trick you into making hasty decisions with no backup. Don’t fall for urgency ploys. 
  • Random Numbers - A phishing email may contain a random sequence of numbers, such as “ACH Payment #38350555 canceled,” that may also be inserted into the subject line or text of the email. This creates the illusion of uniqueness and legitimacy. Always investigate the validity of transactions before you respond. 
  • Strange Links - Many phony links appear to be official, but you can tell if they’re not. Roll your cursor over the link without clicking. If the address that appears points to a different website than the one the link claims, it’s a fake. Your best practice is to never open attachments, click on links, or respond to emails from suspicious or unknown senders. 
  • Phony Logos, Websites, Addresses, or Phone Numbers - This can be difficult to detect. Fraudsters often insert real business identification into phishing emails to make them appear legitimate, and logos can be copied easily. If you have any doubt, call the number and investigate for yourself. 
  • It Bears Repeating - Never open any attachment, click any link, or reply to any email that raises even the slightest hint of suspicion. Also, be sure your financial institution keeps its operating system, software applications, and antivirus solutions up to date at all times.

Err on the side of caution, and you’ll protect your institution and keep thieves from their ill-gotten paydays.