Welcome to SCAMALOT! This is part I of an ongoing series of posts devoted to helping you (yes, you!) become better email scam detectives.
Scammers are clever, and some of them are pretty good at making an email look like the real thing, at least on the surface.
So how do we distinguish a fake email from a real one?
Let’s start by comparing this fake Facebook notification to a real one. Names and addresses have been censored to protect the innocent. And the guilty. And you, because you should definitely not go to whichever questionable website this scammer wanted me to visit.
They look pretty similar, right?
Now, we should always be careful about clicking links in emails, even if they look really legitimate. But there are a few clues that the first one is definitely a fake.
Do I even use this service?
First, let’s look at where this email went. This appeared in the spam filter for email@example.com. That email address doesn’t even have a Facebook, so that’s an easy one! FAKE! You may also get messages about banks you don’t use, packages you haven’t ordered, and suspiciously cheap Rolexes you don’t want.
But it gets a little trickier if you do have a Facebook account, or the bank in question, or you did order something online (hopefully not Rolexes that fell off the back of a truck, though).
Who sent this message?
So next, we look at the headers. A really good email scammer can make an email look like it’s coming from someone else– remember that! But this one didn’t bother. This email from “Facebook” is clearly coming from an AOL address. And it’s going to someone who isn’t me either! Probably because they emailed everyone at Bryn Mawr the same thing. BUSTED.
But just to be thorough, let’s look at the other red flags in this fake message.
Is the message suspiciously vague?
The body of the message is pretty incriminating, too. I’ve blanked out the name, but trust me, I don’t know this guy, so I definitely shouldn’t be getting Facebook messages about him. It’s also really generic (it’s not telling me he posted a specific photo or message), and there’s no profile photo or anything. Though this does look like Facebook’s image for users who don’t have a profile photo. TRICKY!
But if we look back at the real message, it’s much more specific– I see the name of one of my actual Facebook friends, their profile photo, and an actual comment that they would make.
Where are they trying to send me?
Another good thing to do is to see where these oh-so-clickable buttons would take us, WITHOUT CLICKING ON THEM. I can do this by hovering my mouse over the button to display the address it links to.
Sir or Madam Scams-A-Lot would like us to go to some Polish website (the .pl tells me it’s Polish) that is definitely not Facebook! Nie, dziękuję! No thank you!
If I hover over the real message’s button, it does actually appear to go to facebook.com , but if I want to be really safe, I will go to Facebook myself and check my messages there, rather than trusting any of these notification emails.
What happens if I push the (metaphorical) big red button?
But you want to know what would happen if I did click that scammer link, don’t you? Well, probably the website would make some attempt to look like Facebook in order to get you to log in with your Facebook username and password. Once you’d entered those, scammers would have control of your Facebook account, and use it to spread their scamminess to all of your friends! Yuck. The best case scenario at this point is that you have to change your Facebook password, apologize to all of your friends, frantically warn them not to click those scam links, and maybe tell them to change their passwords too. If you use your Facebook account to log into other sites, or if you’ve used your Facebook username and/or password for other sites, it gets… uglier.
The End. OR IS IT!?
That concludes today’s lesson in fake email detection. Try your new detective skills on the next notification email you get. You can read more about common online scams at OnGuardOnline.gov. And stay safe!