How to recognise an email hoax

Recently my mother in law opened an email purporting to be from Facebook, claiming that her password had been reset and that the new one was attached. She duly opened the attached zip file and followed the instructions to install a password logger on her computer.

It was a pain in the backside to sort out and when she told me that she opened it I was a little frustrated. On reflection I decided that I was being a bit unfair as these email scams are getting better and more sophisticated.

We do a lot of work with young people on educating them about spam and viruses but what about everybody else? I know this information is out there on numerous websites but here are some tips on how to spot a bogus email for parents, grandparents and in-laws!

See the example below

Warning Signs

1. Spelling & grammar
   
   The wording or spelling in a spoof email is often not quite right. Words are not spelled correctly or names are not capitalised.

   This email is odd for two reasons. Firstly, the name of the website is not capitalised. Although the website logo is “facebook”, when they refer to themselves in emails it is as Facebook. Secondly, the phrasing “user of facebook” is clumsy. Surely it should say “Dear Facebook user”.
    

2. Lack of personalisation
   
   Spoof emails are sent out to hundreds of thousands of users so usually lack personalisation. If I were to receive an email from Facebook I would expect it to say “Dear Stuart” rather than addressing me as an anonymous user.
    
3. Why?
   
   Often the biggest clue that something is wrong is that there is no good reason for the action.  In the example above, they don’t give a good reason for changing the password.  An organisation would seldom reset your password without giving you some good reason for doing so.  

   A common e-mail request from spoof banking emails is to re-enter your account information for security purposes.  The bank already has your details, why would they ask you to re-enter them.
    

4. The attachment
   
   Why is the password in an attachment?  If Facebook were to reset your password they would just include it in the email message.  The attachment is the important bit to spread a virus and the email is trying to get you to open and install it.  Don’t fall for it!
    

What should you do if you’re still not sure? 

1. Re-read the email.  Often we only skim through emails and if we read them slowly and carefully we see the warning signs.
2. Try to verify the content safely.  In this case you could just try logging into Facebook using your current password to see if it had actually been changed.
3. Try to contact the organisation independently of the email.  Look on their site for an email address and send an email to their customer support to verify.  DO NOT REPLY TO THE EMAIL!   Alternatively you could call the organisation if they have a customer service number.
4. Ask your IT savvy child/husband/colleague what they think.  They’ll have to be the one who sorts out the problem so a quick glance at an email should save them time in the long run!

A few universal truths

There are a whole range of methods of social engineering that people use to gain your trust so you will open their email.  Please consider the following:-

1. If it looks too good to be true it almost always is!
2. You haven’t got a cousin in Nigeria so how could you have become the heir to $564000?
3. Banks and other financial organisations do not ask for your password.  They already have your details so don’t need you to confirm them by email.
4. Be suspicious of any URGENT requests that threaten loss of service.  They are often trying to get you to act quickly so you don’t question the content of the email.

Finally, if in doubt … don’t open it!