Watch out for these email and mobile messaging spam and phishing scams

Almost 300 billion emails are sent per day to the world’s 4 billion email users. The shocking part is that about 55% of those emails are spam and phishing messages.

Spam is unsolicited email or messaging texts: messages that you did not sign up for and do not want in your inbox. They often also contain phishing and malware that could steal your personal data, attempt to steal your logins and passwords and, in the case of ransomware, lock access to your own computer.

Phishing is when someone uses fake emails or texts that lure you to click on a link and share valuable personal information such as logins, passwords or account numbers. Typically, a phishing email will ask you to click on a link to update or verify your personal or account information.

Below are examples of typical spam email messages.

Spam! Do NOT click the link!

Spam is darn irritating! It fills your inbox, wastes your time and wastes your data.

Usually, a spam email is like an unwanted advert: it invites you to visit a website where you will be enticed to purchase something. And if you are tricked into a purchase you probably will never receive any items. Your money will be stolen.

If a message offers you an unexpected reward – especially if it appears to be from a company or organization with which you are registered – please double-check the sender address and links.

So, first rule: do NOT click on links that you do not recognize.

The spam link text might be a familiar word such as a famous name, a popular brand name or a short general sentence – such as “Best good news today” – but those are cloaked links. The link might mention “good news” but will lead to something completely unrelated, usually an online shop advertising overpriced or fake goods which would anyhow not be in stock.

To see where a link leads, hover the mouse pointer over it and the actual link address will appear in the small message bar in the bottom left corner of your browser.

Spam! Do NOT open the attachment!

Often spam messages also contain attachments. These attachments can plant a computer virus or execute unwanted commands on your computer or phone. Therefore, if you do not know the sender, do NOT open the attachment.

Phishing

Phishing messages look authentic but are scams. One might look exactly (same layout and colours) like an email from your bank, your medical aid, a hospital, a charity or any other familiar supplier, but it definitely is not.

Because phishing looks authentic it sometimes is difficult to tell from a legitimate message but here are some clues:

  1. A legitimate organization (such as your bank, insurance agent, medical aid, etc.) will NEVER ask you for your password.
  2. Note the spelling and grammar. Scammers are notoriously bad with spelling and grammar.
  3. Check the sender address in the “From” line. (In some email formats, you will see that in a small dropdown menu.) If you do not recognize the sender’s email address, delete the email.

If you have, by accident or otherwise, already clicked on a spam link or opened an infected attachment, you must immediately change your password on the related service. For instance, change your email password and, if you also entered your bank details in some form, change your bank account password immediately.

Ransomware

Ransomware is, as the name suggests, a program which will hold you to ransom. It is a tiny bit of virus software that could be delivered within an attachment in an email or as a background download from an unsecure website.

Once downloaded and executed, the ransomware will lock your computer or phone, and the only thing you will see is a screen with a message asking you to deposit money in some account to gain an unlocking key. It could cost you a lot!

Anti-Virus software

Again, do NOT open an unfamiliar attachment. And use an anti-virus program; they really do work.

A good anti-virus program will scan your entire computer or phone and will scan links in emails.

Also, it is very important to keep your operating system and your software programs up to date.

Keep your eyes open for browser safety messages. An unsecure website usually is flagged by the message “Unsecure connection” or “Not secure” or “Your connection is not private.”

Look at the website address: if it starts with “http” instead of “https” (with an “s”) then you should not visit it.

Coronavirus spam and scams

Crooks usually strike hard in times of national or international disaster. When there’s an earthquake or flood anywhere in the world be sure you’ll get a soppy email asking you to contribute to some charity (which turns out to be fake).

Crooks are using the Coronavirus pandemic to try to get people to send money to them or to buy products that promise unproven cures. Note, they usually ask to be paid in Bitcoin or other cryptocurrencies.

As with other phishing messages, usually the crooks will copy the emails and/or websites of legitimate crisis and/or charity organizations so that it looks authentic. Please check the links before you click on them and do NOT open any unknown attachments.

Also please be aware that people dressed as hospital staff or first aid workers are knocking on doors with fake Coronavirus test kits only to rob you once you open the door. Do not open the door unless you know the person/s; rather talk through the window and, if they look suspicious, call your security company and/or community watch group.

If it sounds too good to be true

No, you are not ever going to get money from some Nigerian whose uncle had just died.

These are called 419 scams because the number “419” refers to the section of the Nigerian Criminal Code dealing with fraud, the charges and penalties for offenders. But, as the Wikipedia 419 article explains, most of these scams come from many other countries as well, including South Africa.

You will also NOT get money from Mark Zuckerberg, Bill Gates, Cyril Ramaphosa or anyone who you do not personally know well.

Example of a 419 spam email

If you get any such messages, delete them. If you use a hosted email service such as Gmail or Yahoo Mail, send it to the spam box so that the system algorithm can pick it up to stop similar messages in the future.

If you get a 419 or any other spam message in an SMS or WhatsApp message, block the number immediately.

By the way, you also did not win a car! Legitimate competition organizations will call you personally if you had entered a legitimate competition to win a car and had actually won it.

And those numbers that some stranger sent you are definitely NOT the winning lotto numbers! (The odds of winning the lotto are 1 in 20+ million.) Do NOT click on the link.

In short, if it sounds too good to be true, it usually is!

Spam and phishing examples

Here are some examples of spam and phishing messages.

Note: “[link removed]” marks the place, next to the word/s, where a spam or phishing link usually appears.

Due to outdated information, your account has been placed on hold . Please update your account [link removed]

Your card starting with 4506** has been temporarily limited. Visit : [link removed]

Your account is disabled. Due to missing details. Please restore here: [link removed]

We noticed that a different computer has tried to access your online banking but failed with wrong identity challenge during the process. You now need to verify your Online Banking Identity. If this is not completed by September 04,we will be forced to suspend your account indefinitely, to avoid being used for fraudulent purpose, click here to Verify My Accounts. [link removed]

We could not verify your account due to some miss-match code error found during our last security update you are strongly required to verify. click here [link removed] to resolve now.

Recently, there’s been activity in your account that seems unusual compared to your normal account activities, so we’ve blocked your access to your account. Restore My account [link removed]

And here is an example of a particularly nasty spam –

An error in your SMTP/POP settings is blocking your incoming email.
This is an autmomated email sent from our SSL severs to inform you that there is an error in your email configuration.
This error was identified on: ##date## and we have not been able to deliver 2 contact email messages from this date.
To retrieve your emails and reconfigure Port 587, . click here and follow the instruction [link removed]
Warning: Failure to do this will lead total suspension of your email account.
This message has been sent to: [your email address] please ignore if this is not your email address.

Virus and Malware removal

If you suspect that your computer or laptop has been affected by a virus caused by an email attachment or unsecure website link or download, bring it in to Essential IT Solutions. We provide a virus and malware removal service.

Date: 18 Mar 2020