Last week I received a message in my inbox with a subject line that said it was from Facebook, and that my password had been changed. The message invited me to click on the attached zip file to get my new password.
Now I knew immediately that this was spam, and I posted a warning to my Facebook community to watch out for the same message. But I heard that others were taken in and their Facebook accounts were hacked. And it can easily happen. I remember once receiving an email from what looked like my payment processing company, saying I had just been charged hundreds of dollars for something I did not purchase. I was understandably upset, and clicked the link and entered my user name and password before realizing my mistake. I had to go and change my password immediately.
So today I wanted to share with you what to look for, and how to identify whether a message is legitimate, or just spam.
- Are there spelling or grammar mistakes? This is a big indication it’s probably spam. Messages from a big company are proofread before they’re sent.
- Are you asked to open an attachment to get more information? This is also a marker that the message is probably spam, particularly if that attachment is an .exe or .zip file. Again, most of the time big companies will not send you an email with an attachment.
- Are you being asked to click a link to verify a password? Unless you are just signing up for a service, and need to verify your subscription, this is rarely legitimate. And if you do click the link and then need to enter your user name and password, again, the warning bells should go off. Never click a link in an email to a site (especially if it’s a site with financial information) and then enter your login information. Always type the URL for the site directly into your browser, and then log in.
- Have you received more than one message? Typically you’ll get a batch of emails with the same subject line when it’s spam. We saw this with the Facebook scam, the shipping company scam (it said you had a package with UPS or FedEx that couldn’t be delivered), the tax payment scam, etc.
- Are you being told your password has been changed? These sites will not change your password without your knowledge. If you’re being told you have to click somewhere and enter your old password, it’s most likely a scam.
- If you DO click a link and get taken to a site where you have to enter your username and password, check the URL of that site very carefully before entering your information. This is what happened to me in my example above. The site looked EXACTLY like the financial services provider’s website. But the URL was different. Since I didn’t check first, I got taken in.
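
Several of the checks above can be run automatically on a raw message before anyone opens it. The following Python script is an added example, not part of the original post: it flags a password-change subject line, an .exe or .zip attachment, and any link whose host is not the real site's domain. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".zip")  # attachment types the checklist singles out

# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: Facebook <notify@mail.example.net>
Subject: Your password has been changed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attachment for your new password or verify at
http://facebook.com.login.example.net/verify
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"

(constructed placeholder)
--b1--
"""

def host_matches(url, expected_domain):
    """True only if the URL's host is the expected domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return host == expected_domain or host.endswith("." + expected_domain)

def triage(raw, expected_domain):
    """Return the checklist markers found in one raw message."""
    msg = message_from_string(raw)
    findings = []
    if re.search(r"password.*(changed|reset)", msg.get("Subject", ""), re.I):
        findings.append("subject claims password change")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.append("risky attachment: " + name)
        elif part.get_content_type() == "text/plain":
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_payload()):
                if not host_matches(url, expected_domain):
                    findings.append("link host is not " + expected_domain + ": " + url)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "facebook.com"):
        print(finding)
```

The host comparison is the important part: a link can contain the real site's name at the start of its hostname and still belong to a different domain, which is why the check looks at how the hostname ends rather than whether the name appears in it.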
Fortunately, spammers all use similar tactics. By being aware of what to look for, you can avoid getting taken in. Please share this post with others, so that no one gets taken in by these tactics.
What do you look for when determining whether or not an email is legitimate? Have you ever been taken in? What advice would you give? Would love to read your thoughts in the comments below.