‘Tis the Season for Phishing Scams: Here’s How to Spot Them

(Psst: The FTC wants me to remind you that this website contains affiliate links. That means if you make a purchase from a link you click on, I might receive a small commission. This does not increase the price you'll pay for that item nor does it decrease the awesomeness of the item. ~ Daisy)

It seems like phishing emails are doubling up this holiday season, or maybe I’m just getting more than I’m used to. Whatever the case, they’re in full swing and are out to get our hard-earned money as fast as they possibly can.

Phishing emails come in the form of an email (naturally) asking you to click on a link in order to update information. It’s called ‘phishing’ because it’s fake, as opposed to the real word “fishing”. True to the correct term of ‘fishing’, they reel you in with bait they decide you can’t resist with an email, and usually, the email itself is what I call an “Oh no!” email, which is one that causes both surprise and some dread. Once you click on the link they provide in the email, you’re immediately directed to a mock website that sometimes looks exactly like a real, genuine website.

Once there, you’re asked to enter your login and password to fix the supposed error in your account. But it’s not the real website, and the data you enter goes straight to the thief trying to get your credentials, your money, or even your identity. This can be done with any account you have online, from your utilities to your bank account – it’s all about making a buck. Or several.

Here is how to recognize phishing emails.

The way to spot phishing emails is surprisingly easy and just takes a bit of analyzing.

First of all, the return email address is typically a name of some sort combined with a very long string of numbers and/or letters. An example could be Targetnoreaplyservicecustomernumber09215-2151@dgfygggfg-sfyrdhfg.info, and sometimes they don’t even give a business name in the return email address, just the extension.

Second, the email is either addressed to “Customer” or nobody at all. You’d think a business who emails you regarding your account would at least have, and use your name.

Third, grammatical errors. On one of the recent emails I got from “Netflix”, this was in the header: “RE: [Security Update] Reminder: We sent to update reset bill…” This makes no sense at all. I’ve noticed many of the emails have horrible spelling too.

Notice the “e” on the end of ‘method’ in the email, and who it’s addressed to. This is a phishing email, and they want me to click on the highlighted link to enter my “Netflix” credentials, which will then allow them to retrieve my payment method. The payment method is usually a credit card or bank account, but even if you use PayPal or another payment type, you can still get a phishing email.

If you pay attention to the body of this email, (which, in comparison, is a remarkably well-done phishing email) you’ll see a writing format that resembles the way Captain Kirk from “Star Trek” might speak. “However, we’ve..noticed…that the card associated with..your. Prime membership.” This type of grammar goes on throughout the email. And, of course, the “To:” address is messed up because it’s supposedly to “PayPal support” but is about “Amazon Prime” and landed in my inbox. And again, the word “method”, this time located at the top in the header of the email, has an ‘e’ at the end of it. According to Wiktionary, this spelling is German for “Method”. Interesting.

Four: There’s yet another way to tell if your email is real or just another phishing scam. Scroll your mouse over the link they provide – don’t click on it; just scroll over it. You should see some text pop up, and if the email is real, the text should be the URL (or internet address) of the company (example: [email protected]). If you notice with this email, that’s not the case, and instead it gives you some other place it wants you to go. You can see it where I scrolled over but did not click on “View Membership Settings.”

Fifth, they can bypass all that and go for your Cloud, a giant database accessible by any computer or smartphone. With the ability to get email on our phones, it becomes doubly dangerous, making it possible for someone to access a whole host of accounts through our email.

Again, we see the weird extension after the ‘iCloud’ name, the lack of customer name in the ‘To” section, and the grammatical errors in the body. And check out the time listed in the email: “October, 25 2019 PDT.” Last time I checked that was a date, not a time.

Be very careful with phishing emails so scammers can’t access your data.

These emails I’ve shown were all sent to me in the past 30 days. Thankfully, I don’t have my email account on my phone, I don’t pay for Netflix, and my Amazon Prime isn’t due in October. So, I knew they were fake emails and didn’t respond to them the way they wanted me too. But I did respond.

And speaking of phones, phone scams are also at an all-time high. Here’s how to avoid being the victim of a phone scam.

As noted earlier, each email will contain an embedded link that the sender has created, taking the receiver to a site the sender has set up for the scam. Don’t ever use it. That’s the first way of keeping your devices and information safe. These people prey on our laziness and our desire to hurry up to fix things so we can get on with life. Instead of playing by their rules, open your browser and enter the correct, known, site address yourself. If you don’t know the site addresses, use a search engine to find the correct one. Just type in the name of the company and you’ll find the site address link is almost always at the very top of the page.

Usually, not always but usually, the address is simple, with the name of the company.com. Netflix.com, Amazon.com, icloud.com, and so forth. Once you go to the site using a URL address that you enter yourself, or using a link that your search has provided, you can enter your login credentials if need be and you’ll know right away if the email you received is a scam.

Another way to know is to carefully read the email. Like I’ve shown, phishing emails usually don’t have your name listed as the recipient, the spelling/grammatical errors are usually atrocious, and a scroll with your mouse over the links in the email usually show an unknown website/URL. As well, know your due dates and the payment methods you use. If your payment isn’t due, you shouldn’t be getting notifications that your account is suspended, and if you don’t use Netflix, you shouldn’t be getting an email telling you your account needs to be reset.

So, in a nutshell, we need to continue being smart about our online communications, where we go, and what information we give away. Scammers are getting better at creating mock websites and fake emails. This doesn’t necessarily mean we should stop using online services altogether, it just means we should proceed carefully.

Additional Resources

What do you think?

Have you received phishing emails like the ones described in this article? If so, what do you do about them? Have you, or anyone you know, ever fallen for one of these scams? If so, what happened? Share what you know – as a community, we can help warn one another. Please share your thoughts in the comments.

About Sandra

Sandra is a published artist, photographer, fellow prepper, and animal advocate.

Picture of Sandra D. Lane

Sandra D. Lane

Sandra is a published artist, photographer, fellow prepper, and animal advocate.

Leave a Reply

  • What’s even scarier than the emails are the phone calls. They have developed AI now to the point where you can barely tell you are talking to a machine. At the current level of sophistication this technology will fool most seniors. They don’t know or understand what a Turing test is, let alone know how to administer one on the fly and make a determination during a conversation.

    Email scams are easy to spot by comparison. The phone scams are getting more insidious every day.

    “If it was REALLY urgent or important, I would be contacting YOU! Goodbye!” – Charles in VA

      • This should explain what it is. I don’t usually reference to Wikipedia, but there’s not much bias in this article.

        https://en.wikipedia.org/wiki/Turing_test

        As for administering it…at some point in the conversation simply go off topic in response to a direct question. If it’s a machine, it will pause and then repeat the question verbatim. Humans don’t think or act that way. Machines do. The voice sounds 100% human right down to the cadence and inflection. I stumbled across this quite by accident, but I assure you the technology is already out there in use. So far I’ve only encountered it once, and that was only two months ago. I’m sure it will become more ubiquitous as time passes.

        Forewarned is forearmed.

      • I put a link up for you along with some advice but it’s waiting for approval. I’m not clear on what Daisy’s policy on posting links is, but if you search Wikipedia for the term “Turing Test” it will explain everything pretty well. And check back later. She may decide to approve my comment after review.

        • Links always go into moderation so that it can be reviewed by a human to be sure it isn’t spam. You’d be stunned at the number of counterfeit Air Jordans and erectile disfunction offers people post!

          • I suspected as much, but now I know for a fact. From now on if I have info I want to put forward quickly I’ll use the “www dot websitename dot com” style. Anyone too lazy to type it in manually wasn’t interested anyway, right?

            It would be interesting to share web admin war stories, but this isn’t the venue for that. Thanks for the clarification!

            • LOL ! I should start a web site for old web designers like the V.F.W. organization.

              I could call it the Veterans of World Wide Web Wars (VWWWW) or (V4W for short).

  • About phone scammer/spammers

    I’m in a state that set the record for drawing the most robo-calls in the nation. A couple of decades ago, I had to put this message on my desk phone’s answering machine to stiff both the robo-callers and the wrong number callers:

    “Hello, and thanks for calling. At the tone, please leave your message or a way to get back with you as soon as possible.”

    Unless I recognize (or am interested) the caller either by voice or caller ID, I don’t pick up, or call back. That blind outgoing message is inoffensive, and people who know me understand the situation. After two decades of successfully stiffing robo-callers, scammers and caller ID spoofers, I see no reason whatsoever to change my system.

    –Lewis

    • I use the same message and call screen religiously. Some of those jamokes just never give up though. They keep calling back day after day, week after week until I finally pick up, cuss them out and hang up on them. It’s worked pretty well for me. I’m also on the National Do Not Call List. It isn’t perfect, but it cuts down on most honest sales calls.

      Back in the spring I had some wingnut call me and left a message saying he was from a collection agency and was calling about a credit card debt. I found that doubtful since I threw out my credit cards 20 years ago, but I returned the call thinking I might have been the victim of identity theft. I asked what card he was referencing and he guessed wrong. When I told him his info was bogus he threatened to sue me! I said,”Go ahead!” He said “I’m not joking sir!” I said “Neither am I pal…Go F*** yourself”. The poor fool was stunned speechless! I just had to laugh. Apparently I was supposed to be intimidated by his lame threat like his other victims, but I popped his cherry instead! It was priceless.

      8 months later and I’m still waiting on those legal papers he assured me would be delivered “in the next 48 hours”. LOL! Idiot criminals amuse me!

  • My land line service provider is excitedly touting their ability to identify “potential” scam calls via caller id. Along with instructions how to sign up (read: pay) for caller id.

    Listen closely to the “caller” – most of the time the person on the recording will make at least one grammatical error. I received two calls from a “social security officer”, advising me my social security number had been used for fraud (not fraudulent) activities on southern Texas. Press 1 to talk to “officer”.

    If you get. a call that “suspicious activity” has been detected on your computer, tell the caller you don’t have a computer. And I really would like the “IRS” to call me lol.. My goal is to get the caller to hang up on me!

    These days, I think scam callers assume only old/older people have land lines. Tactical error if you ask me.

    • I’m also prone to keeping a whistle hung by the phone. A hunting horn is also likely to be within reach. A blast from either one will set the (sadly, often Indian-accented) person on the other end back a few feet.

      My dad (who’d been in banking all his life, so cautious to the extreme!) would sometimes “play” with the person on the other end, generally using a French-Canadian hac-CENT. I remember one such call going on for more than half an hour–until I heard him exclaim (without accent),”You’re in Texas and you’re interested in MY septic tank in N.H.!?!?”

      • Thanks for the idea! I just found a new use for my Magnum Crow call ! I’m always misplacing that sucker anyway. If I store it by the phone I’ll always know where it is, and it is loud and annoying as all Hell ! 2 birds, 1 stone.

        Your dad sounds like a real hoot. I’ve done that myself (without the accent) on occasion. Next time he should use the fake name “Pierre Delecto”. That would make it even funnier!

  • I don’t have a landline and I do not answer calls on my cell unless it is my father. Everyone else I know will text me or come over to see me.. so anyone else calling me is not someone I want to talk to

    Another thing to watch out for is fake check scams for items you are selling online. The checks are so good now the banks can take weeks to find out it is fake. Often the “buyer” will send a check for more than the item, in my cases, it was cars. The extra to be given to his shipper, or agent..Agent is used by foreigners alot. Also the ask if you still have the “item” , they never say what it is. You would think someone paying thousands for a car online would ask a question or two about it. It is an old scam but if you haven’t sold online before you probably never heard of it

    If you get money from the bank from that check, they will want it back…yesterday. So be careful. I prefer US postal money orders for this reason. Plus you can cash them at the post office so nobody knows you made a few bucks.

  • I have to laugh I get calls from what DH and I think is the Chinese consulate. Recorded Lady speaking chinese on my cell phone. As near as DH can figure out it’s a phishing expedition looking for Chinese Nationals or their family members that are here LEGALLY.
    The one time it was in English I hung up and didn’t listen to the recorded call as it clearly said Chinese Consulate calling. I should have listened but I was with family at the museum and didn’t want to bother playing with them at the time. I get the Social Security calls regularly and Microsoft wanting to”fix” my Microsoft computer. I also get one from the IRS telling me I owe money for back taxes and to press one to speak to a “representative” and if I don’t there will be police coming to arrest me. Still waiting for the sheriff to show up LOL.

    • Interesting.. I got a call from the Chinese consulate the other day. Mine went to voice mail because if I don’t recognize the number, I don’t pick up. Very few have my cell number (by design) so if by chance the caller is legit, best to leave a message.
      Yeah, the sheriff hasn’t shown up at my door either lol..

  • I got a call one day and the person actually left me a voice mail. The caller ID said the call was from Jamaica!
    The message said that I had won 1 million dollars and only had to return the call to claim my prize! I laughed at that one for days!
    I never answer calls I don’t recognize on my cell and figure if it’s important the caller will leave a VM. If they do not, the caller gets blocked every time. My blocked calls list is huge but I really don’t get many on my cell.
    I love some of the ideas listed here for dealing with these annoying calls! Charles has some good ones!

  • You Need More Than Food to Survive
    50-nonfood-stockpile-necessities

    In the event of a long-term disaster, there are non-food essentials that can be vital to your survival and well-being. Make certain you have these 50 non-food stockpile essentials. Sign up for your FREE report and get prepared.

    We respect your privacy.
    >
    Malcare WordPress Security