The Anatomy of Scams 2: Emails

Luckily (or unluckily), I managed to receive the types of scam emails that the average Internet user could stumble upon within the span of one month.

Scam emails that have landed in my spam folder. The dates range from June 24th to July 12th of this year.

This email address has been around for a while now. I’ve not used it as a correspondence email for a couple of years as the address is quite childish, but since it was the email for a majority of the accounts I’ve created online, it has been leaked its fair share of times.

Related: Here’s why you should use a password manager.

While scam emails are one of the most common types of scams you can stumble upon, there are also cases where people are getting scammed on chat services, like Discord. Here’s what it can look like.

That being said, this email gets a steady stream of spam, most of it, if not all, actual scam and phishing emails. Since the ones I have right now pretty much cover all genres of phishing emails (which prey on one’s lack of awareness and desire for a hasty resolution), let’s dissect them.

Payment Fraud Scare

An invoice allegedly sent by PayPal. Spoiler alert: it’s not sent by PayPal.

Here, we have a scam email I would classify as a payment fraud scare. It disguises itself as an invoice one might receive after paying for something via PayPal. The invoice says that I have paid 479 dollars in an unknown currency for a new Apple MacBook Pro.

First signs that this is a scam? The PayPal logo is wrong. While the colors are similar, PayPal actually uses an image as their logo. They don’t type it out. The email also lacks the actual PayPal logo right before the name.

Secondly, PayPal knows my name. If this is an actual invoice, PayPal would address me by my name. Also, they don’t use “dear” to address their customers.

There is a lack of a period after “thank you” and, also, this isn’t what a PayPal invoice looks like. As PayPal is only a payment portal, they don’t offer you any information about shipping or the date the package is supposed to arrive. (Speedy delivery, by the way, since it’s supposedly going to arrive the same day as “I” paid for it.) Another damning thing is the email subject, as PayPal won’t title it “Shipment Confirmed.”

Also, since PayPal is a payment portal, what it should tell you is the account you sent the money to, the currency it was sent in, the currency the item is in (if applicable), and the laws that bind this transaction.

While I haven’t purchased anything from Apple (which I assume is the merchant) via PayPal, I’m pretty sure it should still only tell you the abovementioned information, while Apple would separately send you an email to confirm the shipment.

What really hits the nail on the head for me is that this scam email is clearly targeting an American audience. I am not in America. I am not American. The phone number they provide to contact them is a US number. If this is legitimate, PayPal would know that I do not live in America and therefore would not ring an American number (to avoid overseas costs). Secondly, the amount for the MacBook only makes sense in USD, which would be written legitimately as $479 USD. If it’s in my currency (which it would be since Apple should do that), this MacBook is a steal!

All PayPal invoices are also footnoted with the information on how to rectify an issue if there’s something wrong with the transaction. Fun fact? They don’t list a phone number for you to call in those instructions. In fact, they link you to their help page. There’s also a buffer period of 45-180 days for you to do something about it.

A screenshot of an actual invoice sent to me from PayPal.

Here’s a screenshot of an actual invoice sent to me. Although I have cropped out most of the image, to ensure some privacy, I can assure you that PayPal started this with “hello” and then my name. On the top right corner, they also have the time and date at which the invoice was sent.

Right off the bat, you can see the currency everything is sent in. There’s a nifty little bit of exchange rate information at the bottom so that I know exactly why I’m paying that much. The footer also contains the legal information of how PayPal functions in the place of my residence.

And, finally, you should always, always, check the sender’s information.

Surprise! It’s not an email sent via a PayPal domain.

All official emails from PayPal should be sent from accounts that use their domain name and then an area indicator if applicable. For example, .co.uk should be for accounts set up in the UK, while .com.hk should be for accounts set up in HK. If not, .com should be the basic one. Either way, the domain should contain the word PayPal and PayPal only. And, as far as I know, they don’t name their email accounts. They especially won’t name it “Sales Team” since PayPal is not selling you anything.

Should you call the phone number provided on the scam email, you’ll be re-routed to a call center and they’ll try and gain access to your computer in order to “check for hackers” or “refund the money.” Neither of these things will actually happen and you’ll be tricked or threatened into sending them money instead. Unless you know what you’re doing, please do not call the number. For more information, I do recommend Jim Browning on YouTube as he predominantly deals with these types of phone call scams.

Advance Fee Scam

This is one of the most common types of scam emails. They start off with some kind of tangent on who they allegedly are and what they have. Some of them are officers who have found a box filled with discreet gold bars that they either want to share with you, or you’re somehow entitled to. Others are lottery winners (or just really rich people) and they have randomly selected you to receive a hefty donation. Sometimes, you might get a lawman or banker that noticed an inheritance that remains unclaimed since the client has no living relatives, so they chose you (who happens to share the same last name as their late client, though they can’t tell you what that last name is until you reply to them) to claim the inheritance if you are willing to split the money with them.

All of these scams have one thing in common. They’ll be written in horrible English, they’ll always make sure you contact or are contacted by other “people,” and they can’t seem to ever get the amount of money right. In my case, the scammer decided that I am entitled to a payment of only $12.5, but in the email body, it’s actually a “sum of {$12.5 Millions}.”

Yes, that’s an actual quote. They forgot to delete the brackets when doing a “find and replace” command, I suppose.

And it’s always a good sign when someone has to reassure you something is 100% legitimate, right?

Oh, and we can’t forget a form that we need to fill. You know, with information that you should never share with a stranger on the Internet.

This is a very legitimate looking form, sir.

I also noticed something new about this scam email. At the very end, they added a little post-script note. Since most email providers are getting better and better at detecting scams, most of them land in your spam folder. While there might be a few stragglers (I’ve gotten a lot regarding my website and SEO or whatever), you don’t see a majority of the spam since the email service nets it. I can assure you it has nothing to do with your Internet provider, as much as Mr. Manuel might want you to believe.

Maybe I should ask him what those restrictions are?

Should you reply to these types of emails, the first thing they would do is to reassure you that this is 100% safe, legal, and legitimate. There’s nothing sketchy going on here, but don’t tell anyone! The second thing they will do is attach some kind of poorly edited document to reassure you they are a real person. After you provide them your (hopefully fake) information, they’ll proceed to tell you that they are going to send you the money by opening an offshore bank account, or literally mailing it to you. But, wait! There’s a catch. You have to send them a small amount of money so that they can help you set everything up. Don’t worry, though, when you get your lovely donation or reward, that amount shouldn’t matter, right?

Oh, they’re asking you for more money because something went wrong? Well, that’s fine, as long as you’re going to get that money… Right?

(No.)

For more information on how these scams usually go (and how to toy with them), I recommend Atomic Shrimp on YouTube as he predominantly deals with these types of scammers (and one special case where he makes a couple of phone calls). Again, this is not without risk. If you want to bait these scammers, please be careful.

Clickbait Phishing

The age-old phishing email. It still exists because sometimes, people click without thinking. And a lot of the time, that’s all it really takes.

In the past, the most they could do was grab your IP. Then, they might cleverly disguise their website to mimic a legitimate website to trick you into entering your information. Now, they can even forcefully download malware onto your device.

Never, ever click any links in emails you aren’t familiar with. Don’t download things from emails that you weren’t expecting. And never share sensitive information with anyone you don’t know, or with a supposedly frequently visited website that suddenly just forgot it.

Generic Layout

Here is an example of a generic phishing email. There’s nothing much to it, other than a link to “more details” and a promise of a reward. Even in its body, it tells me to enter my details, so I assume they might want my bank and credit card details so they can pester me further.

The email address is suspicious as any kind of “reward scheme” should be sent by a big group name, rather than a generic keyboard mashed Gmail account. Though, just don’t believe in random rewards unless you specifically joined a lottery. If it’s too good to be true, it probably is.

Recognized Business Layout

Another version of this clickbait email is when they disguise it as another reputable service that a lot of people would have accounts for.

While there’s nothing in the body that shows what the corporation could be, the address that sent this email has their name set up as “Tinder.” One could get confused and assume this is an official Tinder email.

Two things. One, I don’t think Tinder sends you emails like this. Two, they don’t even know which email they’re sending it to for the footer because they mass send these.

Also, it doesn’t make any sense for me to go to my contacts if I want to make new acquaintances.

(I also don’t use Tinder, so this would be spam to me either way.)

This one clearly has more effort put into it. It just doesn’t have enough effort.

As you can see, this one is allegedly from Facebook, warning me about a successful login from a new device. Although this is a little better than the Tinder phish, there are still hints that this is a scam. Other than the absolutely knackered email address that sent this, Facebook won’t call me by my email. Ignoring the fact that I don’t have a Facebook account attached to this email (though it’s safe to assume most people only really use one email and they also have a Facebook account), Facebook knows my name.

There are a few errors within this message. Facebook doesn’t format their login alert headers like that. They said “a user” logged into my account, which is unusual. They didn’t properly capitalize “iPhone 11 Pro.” The entire first sentence is structured awkwardly. They didn’t list the approximate location and time when my account was supposedly accessed. They tell me to “report the user” instead of verifying “it’s me.” They left a grammatical error in the second box. And this isn’t how unusual login emails look.

After these glaring errors, there are also personal things to consider. As I mentioned, this email account is not associated with a Facebook account, so that’s another tip-off. I should also mention that my Facebook account has two-factor authentication, so no one can just “log in.” I had to spend over ten minutes trying to log into my own account because of the two-factor authentication and after that, Facebook still sent me an alert about it.

They addressed me by name, by the way.

Even though at first glance, the phishing email could pass as legitimate, there are enough circumstances for me to realize that this is not real. The likely scenario of me clicking the link to “report the user” would have me enter my account information on a fake Facebook website and have my account stolen for real.

Please, be careful when viewing emails. Double- or even triple-check the sender. Although most scam victims are the elderly, sharp-minded people could be scammed too. It only takes a single lapse in judgement and good timing to trick someone into giving away information they normally wouldn’t. That’s all it takes.
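The sender checks used throughout this post (the PayPal domain rule, the “Tinder” display name on an unrelated address, the Gmail account behind a “reward scheme”), written out as an added example that is not part of the original post. The suffix list, the brand list and the sample headers are assumptions constructed for illustration; a real brand list would hold each company’s actual sending domains.

```python
from email.utils import parseaddr

# Assumptions for this example: the suffixes are the ones the post mentions,
# and each brand's only legitimate domain label is its own name.
SUFFIXES = ("com.hk", "co.uk", "com")  # longest first
BRANDS = ("paypal", "tinder")
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def registrable_label(domain):
    """Label directly left of a known suffix: mail.paypal.co.uk -> paypal."""
    domain = domain.lower().rstrip(".")
    for suffix in SUFFIXES:
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].rsplit(".", 1)[-1]
    return None


def sender_findings(from_header, claimed_brand=None):
    """Reasons to distrust a From header; an empty list means no red flags."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    label = registrable_label(domain)
    # The display name is free text, so a brand named there proves nothing.
    brands = {b for b in BRANDS if b in display.lower()}
    if claimed_brand:
        brands.add(claimed_brand.lower())
    findings = [f"claims {b} but domain is {domain or 'missing'}"
                for b in sorted(brands) if label != b]
    if brands and domain in FREE_MAIL:
        findings.append("brand mail sent from a free webmail account")
    return findings


# Constructed sample headers, not the addresses from the screenshots.
SAMPLES = [
    ('"Sales Team" <billing@paypal-invoices.example>', "paypal"),
    ("Tinder <constructed-sample@gmail.com>", None),
    ("service@paypal.co.uk", "paypal"),
    ("PayPal <service@paypal.com.example.com>", "paypal"),
]

if __name__ == "__main__":
    for header, brand in SAMPLES:
        print(header, "->", sender_findings(header, brand) or "no red flags")
```

The last sample shows why the check compares the label next to the suffix instead of searching for the word “paypal” anywhere in the domain.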

Even if it’s seemingly an urgent matter, it won’t hurt to keep calm and check its authenticity. And, remember, a strong password and two-step authentication go a long way.
