How to Avoid Falling for Email (& Phone) Scams
One of my friends recently took this picture of a 'totally legit' phone call she received and it got me thinking about the many emails I've received addressed to "SCAMMED VICTIM." Obviously in these situations you know what you're in for and know not to give the sender/caller "the necessary bank account information to claim your prize money." Unfortunately, scams aren't always so easy to spot and over the years scammers and spammers have gotten pretty good at deceiving their victims into handing over personal information, money, and more.
Recently, a domain scam targeting business owners has been in the news. This scam is not new - in fact we did a blog post about this Chinese domain scam back in June of last year. It's also not the only domain scam out there. Customers have also received fake renewal notices that actually result in them transferring the domain to another company that charges a lot more. When it comes to domain scams, I recommend being aware of where your domains are registered and making sure you are only dealing with that (hopefully ICANN accredited) company for domain renewals.
Of course the domain industry is not the only one who sees scams, so here are a few tips to avoid falling for email and phone scams:
Don't Give Out Personal Information, Especially Your Password
One thing that many companies preach is that they won't ever ask for your password over the phone or email. This is certainly true for us as we have a system that allows us to see necessary account information without ever knowing your password. In fact, to find your account in our system we don't need any personal information - just your domain name. If you receive a suspicious phone call that asks for personal information, ask if you can call them back instead. Then look up the phone number for that company, so you know you're actually calling that company. You can do the same for suspicious emails, which brings me to my next tip...
Don't Click on Anything
If you aren't sure if an email is spam or not, don't click on any of the links. If, for example, you receive an email from PayPal (who is often a target for scammers), just go to their website via your browser. By going to their website yourself and signing into your account from there, you have the confidence of knowing that you are not on some scammer's website giving away your personal information without even realizing it. If you have received a suspicious email that claims you need to click on the link provided, consider whether or not you expected to receive this type of email from that company. Did you recently log into your account and make a change that needs to be verified? Did you recently forget your account password? Has there been a breach of that company's customer account information in the news?
Do Your Research
Speaking of customer account information breaches, back in December, Target's customer information was stolen. The company handled it fairly well and decided to offer customers a year of free credit monitoring. I am a Target customer and I received an email with the offer. Now in order to have your credit monitored, you need to give the monitor some very personal information - including your social security number, which is not something that should just be given out without another thought. To make sure this email was legitimate, I did some research. In this case, since the breach was so public, I quickly found out that this email was not a scam. As a result, I did successfully sign up for their free credit monitoring.
Unfortunately, not all the potential spam messages will have such public, easy-to-find info. However, you may not be the first person to receive this type of email. Try typing a few things from the email you received - the email address it was sent from, the subject line, the body of the email, even the suspicious link - into a search engine and see what comes up. If it's a common scam, you probably won't have too much trouble figuring that out.
If you're still not sure whether something is spam or not, you should contact the company directly to find out whether the call or email you received was really from them. If you're sure the call or email was spam, you should also contact the company that it was supposedly from to let them know. Companies actually want you to report any fake emails or calls to them. This helps them combat the problem and keep customers informed. I know we want to know if our customers are receiving domain scams. If you do receive a domain scam, please email us at email@example.com. Finally, you should also report the email as spam to your email provider. That way hopefully your spam filter will catch it for you in the future (and if it's not spam, you should also add the email address to your safe list, so you don't have to wonder next time).
In the words of Alastor "Mad Eye" Moody, "constant vigilance, people!"
Post by Robyn Norgan