Recently, an email released by a scammer pretends to be from Capital One, a major, well-respected financial institution. In it, the scammer attempts to lure the email recipient into believing the Capital One website could be at risk of a fraudulent attack unless the individual clicks on an embedded link to update account information. If the recipient clicks the link, it will direct that person to a website set up by the scammer, not the actual financial institution.
Why does a scammer send these types of emails to a mass audience? Why not just target the company itself and steal information en masse, eliminating the chance that most people will avoid clicking on a potentially fraudulent email?
A typical scammer isn’t usually skilled in the art of hacking major corporate servers. Businesses invest a substantial amount of money each year in protecting their digital assets, including Capital One, and even the most skilled hacker, or network of hackers, would have an extremely difficult time piercing these defenses. A scammer’s knowledge is often technically limited, and this person’s capabilities often leave much to be desired. These individuals can’t steal consumer information from a business network. What they lack in technical ability, however, they make up for in a singular commitment to one goal – convincing you to take action that benefits them.
Returning to the bank email notification, this scammer is slightly more sophisticated than the usual scammer. Bad grammar, punctuation, and spelling usually plague scam emails. While this particular scammer isn’t perfect, the individual has a general understanding of the English language. The sentence construction in this email probably isn’t what a bank would use, and there are a few punctuation mistakes a bank would likely avoid. Spelling in this email is fairly accurate though, and content flows as writing should, unlike in garden variety scam emails.
Here’s the scam email in its entirety:
This email might be enough to fool some into believing it’s genuine, but here are the tell-tale signs it is not:
- It appears to be “From: Capital One,” but reading further, “firstname.lastname@example.org” is not an email address the company would use. Look at the actual address, not the name that precedes it.
- The email has no information that personally identifies the recipient. Scammers send mass emails to a distribution list, and they don’t have any personal information on the target audience in such mass emailing. Look for the lack of any personal information to identify the email as a possible scam.
- The hyperlink embedded in the body of the email looks like it’s from Capital One, but it links to a website completely unrelated to the bank. To see if a link is genuine, hover the mouse over the link, but do not click it. This part is important – do not click the link. In the lower left side of your web browser, or other location depending on the type of browser you use, the actual link embedded in the email will appear, showing its true nature.
If you receive an email that looks genuine and you’re tempted to follow its instructions, check for the points above to run it through the scam test. If the email has any of the symptoms above, the diagnosis is – it’s a scam. Delete it from your account and move on.