This term commonly refers to scams sent via email. These are extremely common, but there are some ways to spot the real deal from the fakes:
Red Flag #1: The message is sent from a public email domain
If you receive an email where the domain name – i.e. the word after the @ symbol – looks suspect, it probably is. “No legitimate organisation will send emails from an address that ends @gmail.com – not even Google,” warns Luke Irwin from cyber security firm IT Governance.
“Most organisations, except some small operations, will have their own email domain and company accounts. For example, legitimate emails from Google will read @google.com. If the domain name matches the apparent sender of the email, the message is probably legitimate.” The best way to check? Type the company’s name into a search engine and see what comes up – that’s the name you should expect to see somewhere in the email address. If you don’t, delete and move on.
Red Flag #2: The domain name is wrong but the sender’s name looks right
Most people’s inboxes are formatted to display a name, like SheerLuxe and the subject line. It’s only natural, therefore, to assume you know who the message is from and open the email right away. “When crooks create their bogus email addresses, they often have the choice to select the display name, which doesn’t have to relate to the email address at all,” warns Luke. “They can, therefore, use a bogus email address that will turn up in your inbox with a legitimate-looking display name.”
To try and counteract this, make sure you look at the full email address and see what you think based on the advice above – just be warned, some bogus email addresses will use the spoofed organisation’s name in some part of the address. To double check, visit the company’s proper website and see if there’s a ‘contact us’ page – you’ll be able to see what their actual domain name should look like here.
Red Flag #3: The email is poorly written
You can often tell if an email is a scam if it’s full of poor spelling and grammar and, simply put, it just doesn’t make sense. “Many people will tell you that such errors are part of a ‘filtering system’ in which cyber criminals target only the most gullible people,” explains Luke.
“The theory is that, if someone ignores clues about the way the message is written, they’re less likely to pick up clues during the scammer’s endgame. However, this only applies to outlandish schemes like the oft-mocked Nigerian prince scam, which you have to be incredibly naive to fall victim to. That, and scams like it, are manually operated: once someone takes to the bait, the scammer has to reply. As such, it benefits the crooks to make sure the pool of respondents contains only those who might believe the rest of the con.”
Just bear in mind that some attacks can also be automated, which are less likely to contain spelling errors. The grammar might still be a bit weird though, so check it thoroughly, including the email address before you reply.
Red Flag #4: It includes suspicious attachments or links
No matter how phishing emails are delivered – be it to your computer, phone or tablet – they all contain what’s known as a ‘payload’. Luke explains: “This will either be an infected attachment that you’re asked to download or a link to a bogus website. The purpose of these payloads is to capture sensitive information, such as login credentials, credit card details, phone numbers and account numbers.”
The crucial thing to remember is that once you open these attachments or click through to these links, it’s most likely too late. “Never open an attachment unless you are fully confident that the message is from a legitimate party,” advises Luke. “Even then, you should look out for anything suspicious in the attachment.” As for links, you can usually spot a suspicious one if the destination address doesn’t match the context of the rest of the email. “For example, if you receive an email from Netflix, you’d expect the link to direct you towards an address that begins ‘netflix.com’,” adds Luke.
Red Flag #5: The message creates a sense of urgency
Scammers know that most of us procrastinate, which explains why so many scams request that you act now or else it will be too late says Luke. “PayPal, Windows and Netflix all provide services that are regularly used, for example, and any problems with those accounts could cause immediate inconveniences.” Phishing scams like this are particularly dangerous because, even if you do suspect foul play, you might be too afraid to risk it by not replying or attempting to get in contact.
You might not have heard of this term, but you’ve almost certainly encountered it – it refers to scam texts which are sent to your phone. Here’s how to spot ones which present a danger:
Red Flag #1: The phone number looks like a mobile
It’s very rare for legitimate companies to use mobile numbers to get in touch with customers – be it banks, utility providers and many more. “If in doubt, only use the number on the back of your bank card, or search for the number online,” advises Colin Rowe from The Money Advice Service. “If it’s a known fake number there’ll be information on the internet.”
Second, look out for spelling or grammar inconsistencies – similar to phishing emails. “There might be spelling mistakes, or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name,” adds Colin.
Red Flag #2: It asks you to follow a link to enter your details
It should go without saying that you should never click any links in texts. “If in doubt, go directly to the website and log in as normal,” says Colin. “If there really is a problem, you’ll have a message on the website telling you what to do.” If you do click the link, however, be vigilant throughout the process. “Many scammers have developed very close replicas of genuine websites to fool you,” warns Colin. “But there’ll be some signs it’s not legitimate, such as odd spelling or low-quality graphics. If there’s a number for you to call, check it matches with the one on the back of your debit or credit card. If in doubt, call the number on your bank card to find out if there’s an issue.”
Red Flag #3: They know enough to fool you
While professional scammers are unlikely to know everything about you, they’re great at giving the impression they know you well enough to trust them. But no matter how much they imply they know, never ever give them more, says Colin. “Never give out personal details under any circumstances. No legitimate company is going to ask you to reveal personal or security information over the phone and under no circumstances tell a caller or texter your PIN, password or any other piece of information that could compromise your account.”
Another tip is to see how the company is addressing you. “Legitimate companies will normally address you by your full name as a way of helping you spot fraudulent messages,” says Colin. “Scammers probably won’t know your full name, so will use something generic such as Sir, Madam or valued customer.” This way, even if they claim to know your account number or anything else personal, you’ll know instantly it’s not genuine.
This might be considered a tad old school these days, but you’re no less likely to be targeted over the phone than by other means.
Red Flag #1: They claim they’re calling from your bank
“Someone may call claiming to be from your bank telling you there’s a problem with your card or account,” explain the team from Age UK. “The caller will often sound professional and try to convince you that your card has been cloned or that your money is at risk. They may ask for your account and card details, including your PIN number, and even offer to send a courier to collect your card. They may also advise transferring your money to a ‘safe account’ to protect it. This is a common scam and your bank would never ask you to do this.”
Red Flag #2: They say you’re entitled to compensation
An oldie but a goodie, this one is a textbook scam. “This is a call from a company asking about a car accident you’ve supposedly had claiming you may be entitled to compensation,” explain the Age UK team. “Some of these could be genuine companies looking for business, but others are scammers. Don’t engage in these calls. If you’ve had an accident, call your own insurance company on the phone number provided on your policy.”
Red Flag #3: The person claims to be the taxman
Just because someone claims to be a person of authority doesn’t mean they are. “You may get a call from someone claiming to be from HMRC saying there is an issue with your tax refund or an unpaid tax bill,” say the Age UK team. “They may leave a message and ask you to call back. Again, don’t be fooled by this. HMRC would never contact you this way and would never ask you to reveal personal financial information such as your bank account details.”
Equally, if someone claims to be a financial professional, it’s highly unlikely they’d approach you this way. “You could get a call about an 'unmissable' investment opportunity or offering you the opportunity to access your pension cash earlier,” warn the Age UK team.
Red Flag #4: They tell you they’re only trying to help
Think of this last one as the ‘anti-scam scam’. “This is a call from someone claiming to be from a charity supporting scam victims, a company selling anti-scam technology, or from someone demanding money to renew your Telephone Preference Service registration, which is actually free,” warn the Age UK team.
“Be alert to all of these. Older people are often a target for scammers, so it's important to be aware of phone scams and how to handle them. First, don't reveal personal details. Never give out personal or financial information and if you feel harassed or intimidated, or if the caller talks over you without giving you a chance to speak, end the call,” the team adds.
If you’re still in doubt, ring the organisation. Just make sure you find the number yourself and don’t use the one provided by the caller. Finally, don’t cave to pressure. Scammers will try to rush you into providing personal details or claim your bank account is at risk if you don't give them the information right away.
Red Flag #5: You get a missed call requesting you call back
This is an odd one, but it's potentially dangerous, say the experts. "Scammers use automated systems to dial mobile numbers,” explain the Ofcom team. “The call often lasts less than a second and comes up as a missed call. Calls will typically be from a number beginning 070 or 076 (which look like mobile numbers but cost considerably more to call) or from non-geographic numbers such as those beginning 084, 087, 090, 091 or 118. Anyone who does call the number back is charged for as long as they're on the phone.”
It’s also possible they’ll attempt to leave you an automated voicemail asking you to ring your bank or utility provider on a specific number but beware – it’s usually a phoney number which redirects straight back to the scammer, who’s ready and waiting to take down all of your private details. Instead, phone the number on the back of your debit or credit card and try to speak to someone independent who can advise you on whether the call was genuine.
Worried you’ve been scammed? Here what the National Cyber Security Centre suggest…
STEP ONE: If you’ve been tricked into providing your bank details, contact your bank and let them know. If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to their guidance on recovering a hacked account.
STEP TWO: If you received the message on a work laptop or phone, contact your IT department and let them know. If you opened a link on your computer, or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan.
STEP THREE: If you've given out your password, you should change the passwords on any of your accounts which use the same password.
STEP FOUR: If you've lost money, tell your bank and report it as a crime to Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland).
For more information on scams, visit ITGovernance.co.uk, MoneyAdviceService.org.uk, AgeUK.org.uk and NCSC.gov.uk.
*DISCLAIMER: Nothing published by SheerLuxe is intended to constitute financial or legal advice. The statements reflected in this article reflect the opinions of the individuals or companies, and them alone. Always consult a qualified, independent professional before making any financial or legal decisions which might affect you.
DISCLAIMER: We endeavour to always credit the correct original source of every image we use. If you think a credit may be incorrect, please contact us at email@example.com.