Gone phishing

Graphic by Charlie Chang | Mercury Staff

How to tell you’re reading a scam email

Congratulations! You have been chosen to receive a free scholarship! Just confirm your identity by clicking this totally unsuspicious link: www.whatisyourcreditcardnumberandmothersmaidenname.com.

Some scam emails are obvious, but sometimes convincing ones can slip through the cracks of Microsoft’s email monitoring and get into your student inbox. These kinds of scams are crafted to trick students or faculty into giving the scammers information that can make them money, either through direct theft like using bank account information, or through convoluted blackmail, like posing as the IRS or ICE, using your public student information to threaten you unless you pay them $160 in iTunes gift cards. Fret not! Here are some rules of thumb that will help you determine if a suspicious email is legitimate or dangerous.

  1. Look for grammatical errors.

This is one of the most common themes in a lot of scam emails. If you see an email pretending to be from someone important, such as a government agency, the university or a potential employer for a million-dollar company, and there’s grammatical errors, don’t trust it. Legitimate businesses and agencies proofread their content before emailing it out to avoid looking unprofessional (or like a scam!), so it’s pretty safe to assume it’s not legitimate if it has several grammatical, capitalization or formatting issues. This doesn’t always apply to very small businesses, or individual people like a professor. People make mistakes sometimes, especially if English isn’t their first language. The key here is if they claim they are a huge powerful organization, they shouldn’t have this problem.

  • Check the senders.

Scammers often will have email addresses from easy-to-register websites like Gmail and Yahoo, and from unheard of sites that have a lot of weird letters and numbers in them. If you get an email from pw7lpw4ix@d2in7odn.web, it’s probably not legitimate. Scammers sometimes go the extra mile to make their accounts look legit, often by using a recognizable name but messing up one of the letters and hoping you don’t notice. If you feel unsure, try googling the website they are claiming to be from and seeing if the addresses match up.

  • Check the recipients.

Scammers will often send out fraudulent emails to groups of people with similar or identical names. Someone sending you an email that says you were specifically chosen for something but has 20 other people in the recipients should be especially suspicious.

  • Look at what they are asking from you.

Scammers will ask for some pretty weird stuff, and it isn’t enough to list out what not to give them. Information that may sound harmless, such as a personal phone number, address or name and date of birth is often sought after by these scammers for identity theft or made-up blackmail. Why would anyone who doesn’t know you need to know your date of birth? Some scammers simply have a request for you to email them back, and nothing else. Of course, in those instances they will probably ask for something later in the email replies, after they think they’ve tricked you into trusting them. It’s safe to assume that an email with no info other than “here’s a job offer, please email back” is a scam.

  • Look what they are offering you.  

If it seems too good to be true, it probably is. Since the emails that get past the screening into your inbox are usually those trying to trick students into giving the scammers money, a lot of them will be things that have to do with money such as jobs, internships, loans or “free cash” offers. If you get an email offer to apply for a job you actually want, but the email seems suspicious, don’t click on any of the links in the email; instead, go to the actual company’s website and apply through there.

  • Look at what they are threatening.

Besides sending copious amounts of fake job offers, scammers also make up blackmail to try to scare students — especially those unfamiliar with laws or software — into paying them directly and staying quiet about it. The typical made-up blackmail claims might be things like “your legal status in this country will be taken away unless you give us money” or “we will release an inappropriate webcam recording of you unless you give us money.” For claims that have to do with possibly legitimate things like unpaid student fees, use the aforementioned techniques to verify if it is coming from the right people first, and then contact those people (such as the university or government) directly, not through replying to the email but by connecting with someone you know is a legitimate representative.

One other thing to watch out for is what kind of payment they are asking for. Scammers don’t want to be traced, so they will often ask for odd forms of payment like wiring money or sending iTunes gift cards. Actual blackmail (threatening to release specific information unless you pay them) is illegal and serious cases should be reported to the police (always use non-emergency methods such as filing a report online).

Still unsure if an email in your UTD inbox is a scam or not? Forward the email to infosecurity@utdallas.edu with an explanation of what the email is or might be, and they will be able to tell if the email is legitimate or not. If it is a scam email, marking it as “junk” in the Microsoft Outlook screen can help Microsoft’s auto-spam filter prevent other students from getting similar emails.

Lastly, there are steps you can take if you do end up clicking on a link in a scam email or sent a scammer information you thought was harmless. The first step is to change any passwords you have, especially on any other websites where you use the same password. If you clicked on a link that turned out to be dangerous, download an anti-virus program that scans your computer and let it scan your entire computer for a potential virus. I recommend Malwarebytes because it has a robust free version (the free trial is for the premium real-time protection; the forever free version is just a scanner). If the information had something to do with the university, give infosecurity@utdallas.edu the details and they can determine if it is a threat.

Leave a Reply

Your email address will not be published. Required fields are marked *