Tag Archives: Scams

Phishing emails – tell-tale signs it’s not from who it says it’s from

Emails aren't always from who they say they're from!

Emails aren't always from who they say they're from!

I’ve just received quite an ingenious phishing email… well it’s slightly more intelligently conceived and implemented than the usual type

Yesterday I made an order on Amazon and today I get an email, pertaining to be from Amazon, telling me that my order has been cancelled!

Firstly, even though I’m sure that me receiving an Amazon order cancellation the day after making an order with them is purely coincidence, for me, as for many other people, Amazon account for the majority of everything I personally spend online so the chances of me having made a recent purchase are pretty high. Anyway, even if I hadn’t, my first reaction would have been ‘has my account been hacked?’ so I would have wanted to find out.

Secondly, it’s perfectly within the realms of possibilities that an order may have been cancelled –cards get stopped, vendors run out of stock… there are numerous reasons for this so you’d have no reason to, on first glance, assume that the email was legitimate.

Thirdly, the spelling and grammar was correct. On the one hand it amazes me have many grammatical mistakes there are in the average phishing email. I’m sure some of these are to avoid detection by spam filters but many other are simple mistakes that even pasting the text into Google or Word would fix. On the other hand, anyone stupid or foolhardy enough to think that to conduct a phishing campaign is a good idea can’t be the sharpest of twigs!

There are some massive tell-tale signs, though, that this email is not from who it says it’s from!

The one that first alerted me was that Amazon don’t send account and order notifications in that format using that font. If you’re on their mailing list, you’ll no doubt get your ‘deals of the week’ in rich text but everything else pertaining to your account is in a pretty standard format – order confirmations, despatch notes, etc. – will be standard format. I wouldn’t be surprised if the person who sent this email had never ordered anything from Amazon!

The other this I always do is check the domain within the links. This one wasn’t Amazon so I wasn’t clicking it

You can also use your common sense and examine the email a bit more closely. I have 8 email account sI use through Outlook and many of these are catch-all addresses. I only, however, have one email address registered with Amazon. If I get an email pertaining to be from Amazon to an email address I haven’t got registered with them, I know it’s probably not legitimate.

The advice is as always; if you get an email asking you to click on a link to go to a site; don’t do it. If you’re not sure, open your browser and go directly to the website. Log in there and then check your messages or account status directly.

Protecting your online store

Owning an internet shop or accepting money for goods or services is common practice these days for many website owners; however, as we’re all aware, criminals are forever finding new ways to defraud business owners.
An example of a common scam is where a fraudster, posing as a customer, asks to have an item shipped abroad using their own preferred haulage or courier company. It usually goes something along the lines of this:

  • The fraudster sends the payment up-front to the vendor in the form of a cheque or by Credit Card for the cost of the goods AND the cost of the haulage
  • The vendor arranges and pays for the haulage using the fraudsters requested haulage company which turns out to be a fake company
  • It later transpires that the payment to the vendor was made using either a fake cheque or stolen credit card details

The signs of internet fraud

The problem with payments made using stolen credit cards or fake cheques is that it may take several days or even weeks before this is spotted by the bank and the vendor is often liable for the money.
In order to avoid falling for a scam, it’s useful to be aware of the common signs of fraudulent activity, such as:

  • Customer asks to pay using Western Union Money Transfer
  • Customer asks to use their own courier or haulier
  • Customer pays by cheque but demands the item be shipped immediately
  • Customer asks for item to be shipped to an address other than the credit card billing address
  • Customer attempts to place an order by email
  • A single order placed using multiple cards
  • Orders requested to be rushed or ‘shipped overnight’
  • International recipient addresses – these need to be checked very carefully
  • Unusually large orders
  • Orders from ‘high-risk’ countries
  • Telephone number disconnected or wrong

If you have any concerns, please contact you bank before accepting orders. You may also want to request a fax copy of the customers’ credit card together with another form of ID such as driving licence beforehand
For more information, Visa has a guide to protecting your online store:
https://www.visa.ca/en/merchant/fraud-prevention/fraud-warning-signs/protecting-your-online-store/
Of course, you’re always welcome to phone us if you have any concerns!