Remember when a fishing trip meant long days sat with your Dad, miles from anywhere, staring at a pond with a few cold ones and your Dad telling you not to drink the beer too fast? Nope, my Dad didn’t fish or for the most part drink cold beer.
These days a phishing trip is something completely different. Recently I’ve had a couple of emails which were mildly concerning and caused to consider their authenticity. Also over the last few weeks our local nextdoor social media has been subject to many threads with people advising about scams, but in very specific ways, they just say I got this email, it’s a scam. No real advise on how to decide it’s a scam.
So here is what I went looking for to decide the email I received to was fake, inauthentic. Maybe it will help you? Before I even started to examine it, I figured it was 99% likely to be a fake as it was sent to an email address I don’t have linked to my PayPal account.
This one is super interesting because it involves crypto/bitcoin related activity. Most of us find this scary as bitcoin/crypto uses language and terminology we don’t understand. In this case there are no links to click, they want you to call. It’s what’s known as a phishing email.
You call all upset and worried, they reassure you it was a simple mistake and with a few pieces of information they can correct it for you. If you give that information, you will then be in real trouble. I’ve been online in various forms since 1984.
It’s no surprise they have my correct name, and my primary email address that I’ve had since 1997. How do I know it’s a scam or phishing trip? See the attached image.
A. While sender email addresses can be faked or spoofed, it’s not easy. Check the senders full email address not just the visible name. In this case everything to the right of the @ should be the company name. For some it might be gmail.com, but then the name to the left of the @ should be the company name. This is just a spam email account and they’ve used my name as the visible name just to confuse.
For example, in this case I’d expect the email address to have been firstname.lastname@example.org. or for a small/new business maybe something like email@example.com.
It’s probably not worth calling the alleged company involved, they’ll either just not know how to respond, or tell you to ignore it.
B. Is my email address, blanked out. Yes, of course they have your email address, you wouldn’t have got the email otherwise. 60-million plus Americans had their email addresses and other personal data leaked by credit rating agency Experian. Unfortunately email addresses are almost public data and free to find. Ignore they have your email address, it’s just your street address online.
C. The Wording at the C’s is just awkward, any reasonable business would have reviewed this and this wouldn’t have passed.
D. The address at D. does not exist. Check google maps.
So now you’ve identified what’s a likely scam. What should you do? In this instance, it’s composed to look like your PayPal account has been charged. Don’t click on any links in the email, ever.
Go to your web browser, or banking/PayPal app and login. Check your recent transactions. This 99.99% won’t be there. At this point you can logoff and just delete the email. If your email system allows you to block the email and mark the sender as spam etc. Do that.
If by remote chance you do have a charge on your account that pretty much matches the email. Call your bank or PayPal etc. PayPal are not easy to call(thanks Elon Musk) but you can report from suspicious activity from their website or app. Do it immediately. Do NOT delete the email and wait for you bank or paypal etc. to tell you what to do.
I took the time to write this guide from scratch as I suspect many will start getting these crypto phishing emails. Whatever you do, don’t reply to the email and ABSOLUTELY DO NOT CALL them. No matter how smart you think you are, the first thing you risk giving them is your phone number, it will go downhill from there. I hope this helps.
Stay Safe Neighbors.