When is a fraud alert not a fraud alert? When it’s a scammer trying to lure you into giving up your personal information.
A recent Own Your Defense article reviewed a powerful strategy scammers employ to lure targets into taking a specific action. That strategy, the exploitation of fear, is an influential motivator and can prompt individuals to forgo prudence in favor of swift action. One of the best countermeasures to fear is knowledge. By knowing when a person is engaging in fraudulent activity, it’s far easier to avoid becoming victimized by a criminal.
In the email message below, a scammer attempts to lure the recipient into clicking on a link to reactivate a bank account to avoid losing access to it. If an unsuspecting person clicks on the link, that individual will be taken to a lookalike bank website where he or she will type personal information directly into a scammer’s database.
Learn how to spot fraudulent emails, such as the one below, to avoid falling for them.
“Subject: Activity Alert: Online Banking Verification
From: “US.Bank” <[email protected]>
To:
CC:
Dear U.S Bank Customer,
Due to several Failed attemps to Access to your Account ,we Temporary
deactivated your Account for your protection. You have to Reactivate your
Bank Account within the next 24 Hours in Order to Continue using it .
To get started, please click the link below:
Sign in to Online Banking
Thank you
Customers Support Service.”
Here are the tell-tale signs this email isn’t from U.S. Bank:
- The sender never identifies any personal details about the recipient. Businesses will typically add a personal identifier, such as a first name, to give the message a personal feel. The absence of any such details is a red flag that this might be a fraudulent email.
- The message isn’t from a U.S. Bank email address. Don’t let the “US.Bank” in the From: line fool Anyone can change the name that appears with an email address (in quotes) or create a username (before the @ symbol in an address) to appear as the desired name, but mimicking a domain name (after the @ symbol) isn’t as easy. The domain in the email above, @rackspace.com, is not usbank.com.
- The body of the text in the email uses a combination of incorrectly capitalizing some words and leaving the rest in sentence case. The person who typed it doesn’t know which words to capitalize, so he or she guessed. The paragraph also misspelled the word “attempts” and incorrectly added a space before punctuation marks. A professional banking institution such as U.S. Bank would not make such glaring errors.
There are additional errors in the email that indicate it isn’t genuine. Can you find them all? Comment on this article below to share your findings with others.