How to tell if a suspicious email is legitimate
Recently a friend of ours received an ominous email, purportedly from Gmail, indicating that his email account would be shut down. How could you tell if it was legitimate?
Here is what he was sent:
From: Gmail ! <firstname.lastname@example.org>
Date: Tuesday, July 28, 2015
Subject: CONFIRMATION OF YOUR IDENTITY
His Name <Email address removed>
GMAIL inform you that pursuant to Decree No. 2011 476 of 21 December 2011 on the identification of subscribers GMAIL service for free GMAIL account.
You obligation to identify you to avoid suspending your account in the next 48 hours by our audit services.
Please identify to complete the chart information below.
Click "Reply" fill the grid information then click on "go" once the completed document.
CONFIRMATION OF YOUR IDENTITY
PLACE OF RESIDENCE:
ALTERNATIVE ACCOUNT (AID):
BIRTH DATE :
Thank you for your understanding.
The Gmail Team
This is a kind of phishing email (not a spelling error; see the Wikipedia definition of phishing), in which the sender attempts to get personal information from you in order to steal your identity.
A few points that help to identify that email as junk, in order:
- Email is inherently not secure, so nothing highly confidential should be sent via email. Nothing that you would not want made public. There are some secure ways to configure email, with encryption.
- No legit company will ever ask for your password in an email.
- A company like Radar Hill, whom you trust and work with one-on-one, may ask for a preferred password when assisting you with setting up an account, and we indicate how to change the password.
- If you ever receive an email from your bank, credit union, PayPal, or any organization that deals with your money – usually telling you there is a "problem with your account" – and the email wants you to click on a link to log in: do not do it. Instead, open up your browser and go to the webpage (www.paypal.com, for example) and log in like you normally do.
- Secret question: Would not be asked in an email. It would be asked if you had to phone Google because of an issue with your account, to verify that you are you.
- Poor spelling/grammar.
- Profession and birth date: this is irrelevant to Gmail.
- Good information for these scammers. If the profession is Walmart Greeter or Financial Planner, they can guess which one probably has a bigger bank account.
- Quoting an obscure, official-seeming regulation.
- Sender: email@example.com. Why would Yahoo use a Gmail address, or why would someone from Yahoo want your Gmail details? They are competitors.
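Some of the signs listed above can be checked mechanically: a brand name in the sender's display name that does not match the sending domain, a request for personal details, and deadline pressure. The Python script below is an added example, not part of the original article; the brand-to-domain table, the list of personal fields and the sample sender address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains each brand really sends from (illustrative, not exhaustive).
BRAND_DOMAINS = {"gmail": {"google.com", "gmail.com"},
                 "paypal": {"paypal.com"}}
# Personal details a provider would not collect by e-mail reply.
PERSONAL_FIELDS = ["password", "birth date", "place of residence",
                   "secret question", "profession"]
PRESSURE = re.compile(r"\b(suspend\w*|shut down|within \d+ hours|next \d+ hours)\b", re.I)

def sender_domain_ok(display, address):
    """True unless the display name claims a brand the domain does not belong to."""
    domain = address.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower():
            # Exact match or a true subdomain; "google.com.evil.example" fails.
            return any(domain == d or domain.endswith("." + d) for d in domains)
    return True

def phishing_indicators(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    body = body if isinstance(body, str) else ""  # multipart bodies are skipped here
    found = []
    if not sender_domain_ok(display, address):
        found.append("brand-domain-mismatch")
    asked = [f for f in PERSONAL_FIELDS if f in body.lower()]
    if asked:
        found.append("asks-for:" + ",".join(asked))
    if PRESSURE.search(body):
        found.append("deadline-pressure")
    return found

# Constructed sample modelled on the message above; the sender address is a placeholder.
SAMPLE = """From: Gmail ! <audit.team@mailer.example>
Subject: CONFIRMATION OF YOUR IDENTITY

You obligation to identify you to avoid suspending your account in the next 48 hours.
PLACE OF RESIDENCE:
BIRTH DATE :
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A hit on any one indicator is a reason to look closer, not proof; a genuine notice that a password was changed would also mention the word "password".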
The goal of these scammers is to get as much information from you as they can. Sadly, it seems too many people use the same password, and same security questions, across multiple accounts. Once scammers get access to one account, with a little bit of work, they can gain access to other accounts. Someone may have nothing of consequence in Gmail, and fill this out, and not notice any change in Gmail. But the scammers would use that info to try to log into other accounts: email, social media and banking. One may connect to another because most accounts ask for an alternate email address. That enables them to work through all the steps, gain access to the accounts, and steal your identity. That is one reason some accounts send an email when a password or a significant account detail has been changed: as a warning.
If you are wondering how to keep track of all your passwords and accounts, you can write them down, or use a legit cloud program like one of the ones listed under Password Tip on our blog at http://www.radarhill.com/blog/march-tips-tricks-shiny-stuff/
Vigilance is the price of keeping our identities safe!