Your guide to spotting scammersPosted: August 26, 2013
Email and phone scams have become increasingly common in recent years. Here’s how to avoid them:
You’ve no doubt received the emails congratulating you on your $1million inheritance from your long lost cousin, a Nigerian prince pleading for your urgent assistance or your exorbitant win in the lottery you never entered.
However, it’s important to remember online and phone scams aren’t always blatantly obvious or ridiculous. As awareness increases and technology advances, so too does the believability and sophistication of these hackers’ scams. So we’ve asked (scammed) Information Services Security Specialist Jeff Braine into providing some tips on how to separate the wheat from the chaff:
- “Something just doesn’t seem right.” Trust your instincts if an email doesn’t seem quite right to you, even if you can’t put your finger on why. It doesn’t hurt to call the sender to check – just don’t trust the web address or phone numbers listed in the email. Look them up in Google or White Pages.
- Never respond to an email that asks you to reply with personal information such as your tax file number, date of birth or your credit card details, even if the email comes from a company you trust. Email is often transmitted across the internet in unencrypted form.
- Check the language and grammar. Most real marketing material is designed, proofread and typeset by professionals. This includes online marketing. If the email or webpage contains numerous errors, it’s best to be wary.
- The age old saying “If it looks to good to be true, it probably is” is certainly valid here. If you didn’t enter a foreign lottery, you didn’t win it. Neither are there unclaimed thousands of dollars in the bank account of a deceased person with the same surname as you.
- Griffith IT Support should never ask you to give them your password either over the phone or in emails. Emails which ask you to reply with your email address, username and password are definitely scams.
- A common email scam claims your email account will be deleted if you do not respond with your username and password. These can look very convincing, but can be identified because the email’s wording was directly derived from your email address. For example, if your email address is John.Smith2@griffith.edu.au, the email might start with the salutation “Dear John.Smith2” or say that “your Griffith.edu.au email account will be deleted” or be signed “from the Griffith.edu.au support team”. Other versions of this email scam are given away by use of very generic or inappropriate language. For example, it may start with the salutation “Dear User”, which is a phrase Griffith’s IT Support are unlikely to start an email with. The email may go on to talk about “your Exchange email account” (Exchange is not the email system used by Griffith) or be signed off by “the webmail support group” (there is no such team at Griffith).
- Griffith’s central password system sends out emails warning you when your password is due to expire. We’ve tried very hard to make our legitimate emails stand out from scams. Real notifications have the title “Griffith University Password Expiry Notification”, address you by your full name, and give you instructions on how to browse to the password change page. They DO NOT give you a link to click on to get to the password change page – scam emails DO.
- If you receive a telephone call from somebody claiming to represent your bank, Telstra, Foxtel, Energex etc, remember that you only have their word that they really work for who they say they do. If they ask you to prove your identity before they can continue with the call, ask the caller for their name, department and a reference number and tell them that you will call back. You can then look up the appropriate customer support telephone number for the service/business in question using Google, White Pages etc.
- If you receive a telephone call claiming to be from Microsoft saying that your PC or Mac has a virus, is an unlicensed copy, or is otherwise broken, then it’s a scam. Microsoft cannot equate your computer’s internet address to your phone number. This is a common scam at the moment.