Safe surfing – common sense prevails.

I receive around 50-100 legitimate emails every day. My server’s junk filters do a pretty good job of filtering out the undesirable ones.

However, a few pretty convincing ‘phishing’ emails always make their way through, and normally I can spot them pretty quickly. The one I received earlier today though had me fooled for a couple of seconds before common sense quickly prevailed and the delete key was hit.

It looked convincing enough. It was apparently from HM Revenue & Customs and it was great news! Out of the goodness of their hearts they had emailed me to tell me that I was entitled to an income tax repayment of £1500, and I should log in to my account by following the link and submit a repayment request. The reason that this scam was a particularly effective one was that it combined a number of features which all worked together and on first impression just made sense.

Firstly, the timing was right. Anyone who fills in a tax return generally needs to make a payment on account by the end of July. This email arrived in the middle of August, just a fortnight after the deadline. The email looked official, it was sent to the same email address that I have registered with HMRC, and it was possible that I had made a mistake with my return and the tax office had picked up on it, right?

Meanwhile, back on planet Earth I quickly noticed the holes in the scheme. The first thing I thought was that surely HMRC couldn’t possibly know that based on the information I had sent them I was owed money. Their online system works the whole lot out for you, so saying I was entitled to a refund effectively is the same as telling me that the online system doesn’t work! Highly unlikely! I’m also not entirely convinced that the HMRC would be particularly quick to tell me that they wanted to give me money back.

You also tend to find that email scams have imperfect grammar. This one told me “Click here to submit you tax refund request”, and “A refund can be delayed a variety of reasons”. So, a ‘you’ instead of a ‘your’ and the word ‘by’ missing from the second sentence. Small things maybe, but a legitimate email probably wouldn’t contain basic errors like this.

But the clincher had to be when I hovered the mouse over the ‘click here to submit your tax refund request’ link. I right-clicked the link and copied it to the Mac’s ‘Text Edit’ application. The URL was a completely different one to that which the email claimed to be sent from. So, unfortunately it was all a hoax, but for a second or two I was having a really good day!

So what do the people who send these emails out have to gain from it all? I imagine that on following the link I would be asked to enter the details of the bank account I wished the reimbursed funds to be deposited in. You can probably guess what would happen after that!

I’ve seen a lot of this kind of thing throughout my years spent online. Most of them are fake emails from banks saying that my account has been suspended and I must act within 48 hours or it will be closed down. This scam adds in a time element to try to make you act quickly. Emails from PayPal are also commonly imitated, where you are told about alleged security breaches and how you must log in and authorise your account – of course on a fake website.

So what’s the best defence? Well, a good rule to start with is the classic “If it’s too good to be true then it probably is!”. Next, if it appears to be from a bank or institution informing you of a security breach and a requirement for you to verify your account, then never log in to your account via the link in the email. Go to the company website directly and log in there, or call customer support and speak to a human (get the number from the website, not the suspect email).

Finally, for suspected scams, Google can be your friend. Type in a phrase from the email and you can be sure that if it’s a hoax then it will be reported on the web somewhere. Just make sure that you look it up on a reputable site, as sometimes the dubious website that is returned in search results is what can infect the unwary user’s PC.

The web can be a dangerous place, even for those who are familiar with it and have been using it for years, but generally by following a few simple rules and applying common sense in all situations you shouldn’t go too far wrong.
