Protect Yourself from Scams: Top Tips for Identifying Fraudulent Texts and Emails

Received a Weird Text or E-mail?

DO NOT USE ANY LINKS PROVIDED IN THE E-MAIL or SMS. Unknown links can mislead you or possibly get you to install malicious software on your device! If you are using a computer to read the message or e-mail, you could hover your mouse over the link and it should show you what the shortened URL actually is or where link text is going to take you, but this does not always work.

There are many ways that scammers are trying to steal your hard earned money. Two of the most prevalent are usually sent via text message or email, and sometimes a combination of both. And both methods used, lead to a website that wants you to insert your credit card information. How did they get your phone number and email? How do you spot if the site is fake?

Lets have a look at what they send and how they try to fool you into giving up your credit card details or personal information.

 

Where did they get your details?:

Most of the information used by scammers comes from a data broker that has sold your information online. This could be from anywhere that you provided your number, e-mail or both and possibly your name and address too. In today's world, many shops, websites and businesses ask people to provide various details for their records and unfortunately, once you have provided the details, you have no guarantee that they will keep it safe.

Another place that your details could be found is from when a company has had a data breach, or has been hacked, and a list of customer details has been found, sold, or exposed to the internet. This is also out of your control and could be tough to deal with as the more details a scammer has on a target, the easier it will be to fool them.

Example 1 of what they send you, the SMS:

 You receive a text or SMS message from an unknown number claiming that you have a delivery pending, but needs a clearance fee paid before the package will be sent. Included is a shortened URL so that you cannot verify where the link will take you. By using a link shortener extension or website  a short URL can be created. This is supposed to help with long URL's but can be used to hide them. The only way to see where the link leads is to click on it and see, or hover your mouse pointer over the link to view the actual address (Not possible on a cellphone though). This makes the SMS slightly more believable and in so doing hopes to fool as many people into clicking on the link as possible.

Here is where this short URL will take you, click on the image on the right to enlarge it. The scammer has used a known courier company, and has copied the logo and a few other details from the actual courier site to help fool you. There are however a few ways to find out if the web page is valid or not. Some obvious problems that you should come across:

 

1. The hamburger menu on the top left does not work.

2. The company logo is not clickable.

3. No company details, help or support info.

4. Strange URL in the address bar.

 

 Here is an edited version of the link URL, it is expired and does not work any more, but I have not put the entire link:

 

https://pub-456somerandomtextea98.r2.dev/cc.html

 

As you can see, the URL is not under the domain of the company, and uses an r2.dev as the domain extension. Some examples of a domain extension would be .org or .edu or even .gov for government sites.

 

The extension used in the scammers link is actually from a Cloudflare bucket. Here is the definition of a bucket from the Cloudflare website: Public Bucket is a feature that allows users to expose the contents of their R2 buckets directly to the Internet. What that means is that a scammer can easily create a small website inside the bucket, using the actual companies artwork, have a card payment option below, and have it available to the internet. In this way the scammer can replace the images with another companies artwork, create a new bucket and URL address, and start a new scam under a different name. 

If you do enter your bank details into the website, they will most definitely be stolen and used to purchase items or steal money from your account. And once they have your money, it will be very hard to get your money back as most banks will not cover this type of fraud.

Example 2 of what they send you, the E-mail:

 Below are two different emails from different scammers. Both included invoices, for two different products, which are paid for already. So how are they trying to scam you?

Click on the images to enlarge them for more details.

These types of e-mails are called “phishing” attacks and are used to find personal information about you, then use that to steal money from you. What the scammer is trying to do is get you to either reply to the email, which verifies that your email is active and possibly your correct name, or to get you to call the help line number provided so that they can talk to you personally. If they can talk to you personally they might be able to gather more information from you, as they will be asking detailed questions about who you are, where you live, and possibly an identification number. If you do unwittingly provide more details, the scammer will find it easier to target you in other ways.

 

There are many ways to tell that these types of emails are not from a reputable person or company:

1. The senders e-mail address and the name used in the email are different.

2. E-mails from companies that end in @gmail/@somethingelse.com instead of the official name.

3. Bad spelling and grammar.

4. Low quality images and text.

With this type of scam, they are trying to get you to think, Great!, free stuff, let's contact them and see if I can get it. Its an incentive to get you to action the scam and provide more details than you normally would.

 

What should you do?

DO NOT USE ANY LINKS PROVIDED IN THE E-MAIL or SMS. Unknown links can mislead you or possibly get you to install malicious software on your device

 

 1. Verify first if you did place the order

The first and foremost is think if you did actually buy or order something related to the email. It could be that you order a large amount of goods and services online and it might be tempting to reply to the email or phone the numbers provided. 

You can log into the website where the sale originated and view pending and current orders. . 

Most of the sites have a history of what has been ordered as well as the status of the orders. Also it is quite easy to pull a bank statement online and verify all purchases quickly. 

 

 

2. Does the email look "scammy"?

Verify that the e-mail does actually look official. This can be difficult as the scammer might have gone to the effort of making a high quality message to fool you. If you have ordered from the same company or person in the past, compare if the invoices and e-mails are similar. This however is not the best way to verify if it is a scam or not, but there could be bad spelling and grammar, which should indicate that it is a scam. Here is an example:

 

The text above comes from one of the email images listed above and does not make any sense.  Professional companies verify their sales emails and there should not be any mistakes such as this.

 

What to do if you know it is a SCAM:

 The best is to not open the e-mail or SMS. Most times you have a preview of the message and might be able to decide if it is scam related and then delete the message or e-mail straight away. If you needed to open the message as you were unsure, delete it right after deciding that it is a scam without opening any attachments or clicking on any links.

You could also go a few steps further by blocking the sender or telephone number, thereby ensuring that you cannot receive other scam messages from them. This might only help for a short while as scammers are continuously updating e-mail and phone numbers. Usually, your antivirus/scanning system of your chosen email provider will mark the e-mail as junk or malicious and automatically move the e-mail to the relevant folder or delete it. If this is not happening you can verify your mailbox settings. Or it could be possible that the scam is very new and the e-mail system needs to be updated.

Last Thoughts:

Most importantly is to pay attention to which site(s) you are entering your credit card details into. The URL might even have the padlock in the address bar to say that it is secure and verified, but this is only for the information sent between your browser and the website. It has nothing to do with what you are entering and your bank or credit card.

So be careful out there in the digital wonderland. There are many places that you might fall into a trap that can cost you money or cause extra stress in your life. The best is to double check, and if you are not sure, do not enter your credit card details.

Cheers!