Is this email spam?

I get a lot of spam. In some cases, I’ve provided an address to a site/service I genuinely want to use, and not been careful about opting out of their helpful add-on email offerings. In some cases, my address has been scraped or guessed by someone who doesn’t give two hoots about my email preferences.

Replying or clicking unsubscribe can be a bad idea if you get a one-off piece of spam, as it verifies to the sender that the scraped/guessed address is live: this may result in your address being prioritised in future campaigns, and potentially shared with or sold to other spammers. The safest approach in this case is to delete the mail without clicking any links.

If you get repeat messages from the same source, or in the same style, either blacklist the address, or set up keyword-based filtering to avoid seeing the same kinds of mail in your inbox again. Check your mail client’s documentation for information on how to do this.

If you’re getting unwanted messages from a legit service you really did subscribe to, feel free to click the “unsubscribe” or “mail preferences” link in their signature and change the categories/frequency of the messages they send you.

A quick checklist of things you should check when you get an email that looks like a spam/phishing candidate:

  • Does it make sense? Does it refer to something you’ve actually done? (Buying something using your PayPal account, making an eBay/Amazon/iTunes purchase, …)
  • Compare to a legit message – if you’ve heard from this source before, what language/format do they use? If they usually address you by your full name and title, then receiving a message to “Dear valued customer” should raise a red flag.
  • Check the from address (not just the display name) – is it from an address in the “amazon.com” domain, or maybe “amazon.com.not.really.com”?
  • Check the to address(es) – are you getting what looks like a personal 1:1 message from a friend, but it’s actually being sent to a dozen or more recipients (or to “undisclosed recipients”)? Are you getting an email that looks like it could be legit, but you wouldn’t usually get it at this address? (E.g. is your Amazon account connected to a personal email address, but this message has arrived at your work address?)
  • Check the reply address – a spammer/scammer might put the effort into making sure the from/to look legit, but they probably don’t want the reply going to the person they’re impersonating (unless they’ve actually got control of their account). Hit Reply and see if the “To” address matches the from – look for the full address including the @ (not just the resolved name), and keep an eye out for any character substitutions (2 “v”s instead of a “w”, digit “1”s instead of letter “l”s) – copying and pasting the address to the main body of the email and changing/blowing up the font may help.
  • Check links – if the message looks legit, but encourages you to click a link, hover over the link and check whether the URL goes where you expect (mybank.com or spammingandphishing.mybbank.com).
  • If the message is from a business, what contact information do they provide? Almost every legitimate business will include a signature with a disclaimer and business details (website, address, switch phone number etc.).
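The from, to, reply and link checks above can also be run mechanically over a saved message. The following is an added example, not part of the original post: the sample email is constructed, and `check_message`, `in_domain` and the expected domain passed in are illustrative names and assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); domains reuse the checklist's examples.
SAMPLE = """\
From: "Amazon" <orders@amazon.com.not.really.com>
Reply-To: billing@account-help.example
To: undisclosed-recipients:;
Subject: Problem with your order
Content-Type: text/html; charset="utf-8"

<p>Dear valued customer,</p>
<p><a href="https://amazon.com.not.really.com/signin">Update your details</a>
or visit <a href="https://www.amazon.com/help">our help pages</a>.</p>
"""

def in_domain(host, expected):
    """True only if host is the expected domain or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects the real href targets, regardless of the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw, expected_domain):
    msg = message_from_string(raw)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))      # address, not display name
    from_host = from_addr.rpartition("@")[2]
    if not in_domain(from_host, expected_domain):
        findings.append(f"From address is in {from_host}, not {expected_domain}")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        findings.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    named = [a for _, a in getaddresses(msg.get_all("To", [])) if "@" in a]
    if not named:
        findings.append("No named recipient (undisclosed recipients)")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        if not in_domain(urlsplit(href).hostname, expected_domain):
            findings.append(f"Link goes to {urlsplit(href).hostname}, not {expected_domain}")
    return findings
```

Calling `check_message(SAMPLE, "amazon.com")` flags the sender domain, the mismatched reply address, the missing named recipient and the first link, while the genuine `www.amazon.com` link passes.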

Here’s a recent message I received that almost fooled me, since a DPD driver had spent several minutes knocking on a neighbour’s door in the preceding hour, then driven off still in possession of the parcel he was trying to deliver. I speculated that the label might’ve included the wrong house number. But when I stepped back and took a moment to think about it, I spotted a few tell-tale giveaways.

  • The display name says “DPD Ireland”, but the email address is from .jp instead of .ie. (I might forgive a .co.uk or .com, but .jp is stretching it!)
  • The web addresses behind the “update your details” and “track your parcel” links are in .in domains.
  • And from the purple colour on the first hyperlink, you can tell I followed it to check where it might take me. The webpage is very convincing with all the right branding and visuals, but the URL (web address) is all kinds of wrong. In fact, when I backtracked to the top level of the domain I was redirected to, it was for a wood graining service in the US!
  • There is a business address included for collection, which adds a sense of legitimacy, but actually it’s woefully incomplete, and doesn’t include an Eircode.
  • There are no contact details to phone/email support for more information or to rearrange delivery.
  • Finally: it seems odd that DPD could have had an incomplete postal delivery address on the parcel, but magically have my email address. If they had that much additional info on me, you’d expect they might have my phone number too and have tried that first!

There is an edge case here: if a genuine email account has been hacked, you may receive odd messages from a “known” source. In this case, if you can, contact the real vendor/account owner – ideally, use a different address or a phone number – to check whether the message is legit before taking any action. This gives them an opportunity to find out if they’ve been compromised, to reclaim their account or change their password, and to warn others in their address book not to fall for the scam.

Author: smurphy

Writer, mother, gardener, geek...