This page will deal with the barrage of emails that you get with warnings about anti-virus subscriptions expiring, purchases of new things like phones and bills that supposedly have been charged to your credit card. I will show some of these and explain how to verify whether or not these are real. These are by far the most dangerous of all of the scams and I will explain why. They are a very subtle way for a scammer to empty your bank account. These are called phishing scams.
Most people wonder why we get so many spam emails. Whenever you give your email out to a retailer or enter it on a website in order to get access to content you have no idea where it will wind up. The other issue that we see on the news quite often is that there are data breaches where larger companies are hacked and personal information has been stolen. One of the main pieces of personal information is email addresses. A hacker can steal a database full of emails and sell them to spammers to make money. Once this happens a few times your email address can be all over the place and you’re just stuck with it. Spam email has become a fact of life.
This is how the normal email phishing scam goes down. You get an email and it appears that it’s from Norton, McAfee, Geek Squad or some other tech company and it will sound like your credit card has been charged several hundred dollars for services. They always conveniently give you a 1-800 number that you can call to clear it up and get refunded. Truth is, they’ve not charged your card at all. One of the first things you can do is log right into your credit card accounts and check. If there is no charge of that amount to any of your cards it’s a fake email and delete it. Problem solved. Never use any buttons or links in those emails to check anything.
If you do make the mistake of calling them what they will do is carry you to a website to submit a refund. It is a fake site. You will enter all of your info into that site. Let’s say they are refunding you back $400. Once you click on that submit button on the refund you will see that you’ve been refunded $4,000. That form they use adds a 0 to it to make it look like you have been refunded ten times too much. They will say that you added a 0 to it. The scammer makes out like he is going to lose his job over this and you need to let him fix this right now. It’s all a game.
In order to do this he wants you to let him install remote access software on your computer and then log into your bank account and fix the problem. Once you do that he is in your bank account. You are now in deep trouble. As this is happening the screen will go black from time to time and he will manipulate the code on that webpage to look like you have refunded him just that amount. What he has really done is he has emptied your accounts. I have seen people lose tens of thousands of dollars like this. Most of the time you can’t do anything about it.
Sometimes instead of logging into your bank account what they will do is that they will want you to go buy a bunch of gift cards at Lowes, Walmart or Home Depot. He will use this method in order to get your theoretical overpayment back. They also use bitcoin. There are various ways they work it. No matter how they do it you lose your money. Keep this in mind. Most cashiers at these retail stores will flag you on buying large numbers of gift cards. They’re good at talking people off of the cliff when they see this happening.
As I’ve said before, when you see an alarming email just stop right there. Take a deep breath and don’t panic. In 99% of these situations it’s just garbage emails and nothing has occurred. the problem always starts when you call them. Below I will show some of the subject lines they use in these emails.
The one below is from my inbox. This one is supposedly a Pay Pal receipt. You will notice that the person’s name is lower case letters and there is no subject. Those are dead giveaways. Below that is another screenshot. You can see that it is a miscellaneous gmail address from some random person. That is the biggest giveaway that it’s fake. Larger companies do not send out receipts from gmail addresses. They generally use company email addresses. So many of these fake messages will be found in your spam and trash folders. Legit emails don’t typically wind up in the spam folders as most of these legit email addresses are known to the spam filters of email providers. They are set up to not catch legit emails most of the time. That doesn’t mean that you won’t find good emails in your spam folders. Sometimes it happens.
In the screenshot below you see a Pay Pal receipt. They were so unprofessional on this they just used Notepad to create the receipt. That receipt was brutally bad in appearance. Valid receipts will always be .pdf documents. Most of the fake ones will also be .pdf documents but you can know for a fact that it’s fake if they used Notepad or Word documents.
Below is a shot of my trash folder with multiple scam messages in it. You will notice a couple from icloud storage. Both of the names are different. There’s a UPS message and Peacock and Paramount. Another giveaway on the fakeness of these kinds of message is there is just a lot of random clutter in the subject line. They look like they were written by a ten year old. They’ll have capital letters and lower case mixed up, random punctuation and other errors. It’s basically a bunch of word salad. There are just so many errors and odd ways that they’re composed. That is a dead giveaway that it’s fake.
What they do with these emails is they try to hit on the factor of coincidence. If you have an Apple phone you may think it pertains to you. If you have a package being sent by UPS they might get you to react. If you have Paramount + streaming there’s a chance someone will react and call them.
I can give you a personal experience at how real these things can seem. Back in July of 2023 I have a person rear-end me while I was sitting at a traffic light. They wound up totaling my vehicle so I had to go through the whole accident claim process. There were several times during that where I got emails with a subject line about an auto accident. I had to check those and make sure it wasn’t one that was real. Keep this in mind. When you are dealing with a company on business you will normally be assigned someone to help you. Just confirm that as you dialog with this person via email that it is coming from them. They WILL NOT use personal email addresses when doing this. These will come from what we call company domains.
What is a domain? Explaining this will help you understand how to check to see if email are real. Out there on the internet you go to various websites(Amazon.com, boisestate.edu, and you will have .org and others. My domain is mikescomputerrepairservice.com. These are what we call domain names. So, a company will have their own domain and typically not use personal email addresses. A small one person operation might do that and it’s no problem. But, if you get an email from Pay Pal it will be from a paypal.com email address. For instance, it might say something like invoices@paypal.com. If you wrote a message to HP to buy a bunch of computers you would probably get and email from something like sales@hp.com. You are not going to get an email from HP that is saleshp@gmail.com. That is clearly a fake address. Knowing this information about domains helps us determine in most cases that the emails with this invoice attached for things you supposedly purchased are just plain fake. I see emails all the time that are just some kind of off the wall gobblygook. It will be something like sgluastdihng444@io23.com. Any email from a sender like that is just junk.
What you can do with some success is to setup filters inside your webmail or email software to put many fake messages right into the trash. If you’re getting something constantly from a source that you don’t want to receive messages from, use those filters to put it right in the trash. Don’t use the unsubscribe button in the email because you are simply telling them that you are a real email address. That being said, you can use unsubscribe on senders that you know are real like Best Buy, Albertsons, Fred Meyer, etc. These are known entities and they will take you off the list.
More to come.