From your car's extended warranty to the threat of losing your Facebook page, we've all experienced some kind of scam attempt. Most are pretty easy to catch, but others are pretty darn convincing, and it only takes one to get you in big trouble. Here are a few ways to help you identify these imposters so that you don't get taken advantage of.
Phishing scams are not usually designed by brilliant writers. You'll often see strange spelling errors, awkward grammar, or just plain gibberish. While not everyone speaks perfect English, you can safely assume that a message from an American-based company such as Meta, Microsoft, X, etc. will generally be written by a native English copywriter who writes messages like these every day. Of course, this isn't a foolproof method. If you aren't a strong writer, or if English isn't your first language, it might not be easy to spot these errors, but it's a good start.
I'll take my chances, thanks.
Even a well-written scam can be spotted by its dubious origins. For example, let's say you get an urgent email from Microsoft saying your account has been compromised and you need to click this link to fix it. However, you notice that the email address is [email protected]. A company like Microsoft would never, ever send an email from any address that doesn't have a domain specific to their company, so you can assume that this one is fake. Similarly, if you're getting messages on your Facebook account claiming to be from "The Facebook Support Team", you might think it's weird that Facebook sent a DM instead of an email. That's because it is weird, and this is a scam. Often these messages will be from shady usernames like "FacebookSupp0rt" or just regular names of people (see example below). In cases where you do receive a DM from these accounts, you can safely click on the account name (NOT the link!) to see if the page seems trustworthy.
Rebecca AI kind of sounds official. Let's investigate.
Something tells me this isn't an official Facebook Support page.
If everything looks legitimate so far, take a look at the link you're meant to click. Chances are, any important link from a large corporation would look official, such as www.meta.com/help. If you see a link that doesn't clearly indicate where it leads, watch out! Often, you can hover your cursor over the link for a preview of the site or address without clicking. If you don't see the company name in the address, don't click it. Shortened links like bit.ly are often indications of a scam link. Some scammers will also add attachments to emails that contain malware, so if you have any doubts, don't open those attachments!
Thanks, link preview!
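The sender and link checks described above, written out as an added Python example (not part of the original post); the allow-list of brand domains and the sample messages are constructed for illustration. It matches the real hostname against the company's domain from the right-hand side, because a company name appearing somewhere in an address does not mean the company owns it.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list for illustration: domains each brand actually uses.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "sharepointonline.com"},
    "meta": {"meta.com", "facebook.com"},
}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def under(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(brand, from_header, link):
    """Return a list of warning labels for a message claiming to be from brand."""
    domains = BRAND_DOMAINS[brand]
    findings = []

    # Ignore the display name ("Microsoft Support"); only the address counts.
    _, address = parseaddr(from_header)
    sender_domain = address.rpartition("@")[2]
    if not any(under(sender_domain, d) for d in domains):
        findings.append("sender-domain-mismatch")

    # Parse the link and judge the real hostname, not the visible text.
    parts = urlsplit(link if "://" in link else "//" + link)
    host = parts.hostname or ""
    if host in SHORTENERS:
        findings.append("shortened-link")
    elif not any(under(host, d) for d in domains):
        findings.append("link-domain-mismatch")
        if brand in host:
            # The company name is visible, but the site belongs to someone else.
            findings.append("brand-name-in-lookalike-host")
    return findings


# Constructed sample messages (not taken from the article's screenshots).
if __name__ == "__main__":
    print(check_message("microsoft", "Microsoft Support <alerts@mail-notice.example>",
                        "https://bit.ly/xxxxxxx"))
    print(check_message("meta", "Facebook <help@support.facebook.com>",
                        "www.meta.com.help-center.example/appeal"))
```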
If you're still not convinced, use a search engine. If you get an email that says to call Microsoft Support at 1-800-NOT-SCAM, take a minute to Google that number. If it is a legitimate number, the company will have it listed as an SEO keyword under their web domain. Most of the time, people report scam links, numbers, and emails as well, so if it is a scam, it will likely show up identified as a scam by other users. If you get a suspicious message from a big company, you can also search for that business + “scam” to find helpful tips on common scams, often from the company itself.
These companies don't want you getting scammed either.
Does the message make sense? Ask yourself: Would this platform really send me a DM about shutting down my page, or would I get an email? Would this company ask for my personal information via DM? Would this company ask for payment in the form of bitcoin or gift cards? While it's not always this simple, usually the answer to these questions is a definite "no".
Examples
This was a phishing test sent from Lenovo. It's clever, but if you look closely you can notice some suspicious things.
- The first sentence is worded awkwardly and there's a comma splice.
- It doesn't say why the messages are being restricted. We're so used to seeing messages like these that we automatically assume it's a virus scan, but a real message would clearly state why the messages aren't being delivered.
- When hovering over the Release Message link, I can preview a very long, bizarre address that doesn't mention SharePoint, Lenovo, or Microsoft.
- An email from Lenovo Support would come from a Lenovo email address. Also, Lenovo Support wouldn't be the ones contacting me about my email. Lastly, they aren't called Lenovo.com Support.
- The email address says SharePoint, the sign-off is from Lenovo.com Support, and there's a Microsoft copyright from 2020. So which one is it from?
- Emails from SharePoint are typically from addresses ending in “@sharepointonline.com”.
- The copyright information has multiple typos (All rights reservedd, Privacyy Notice). Additionally, “Acceptable usage policy” and “Privacy notice” should be links that take you to the corresponding copyright information.
If you're still not convinced, consider this: If there are 6 urgent emails waiting on you, someone will contact you. It may be another email, a call, or a Teams message, but no one is going to let you ignore something important without following up. You can also reach out to a team member and see if they received a similar message.
This one is a little bit trickier, but there are still some indicators.
- Who is Johnjuszczyk Rhodes and why are they using their personal account to DM a Support message?
- Be suspicious of any message about your page that doesn't include any personal information. Facebook typically uses your name in any correspondence.
- Facebook doesn't “schedule” pages for removal; pages found in violation are immediately disabled. Additionally, Facebook would show you the post that is violating the Facebook Terms of Service (not trademark rights).
- If your page is disabled, Facebook sends an email explaining why it was deactivated (not a DM). You may be able to appeal the decision in some cases, but never by submitting a “complaint” to a shortened link that doesn't direct to a Facebook/Meta domain.
- A company with as many users as Facebook will rarely invite you to simply reach out to them. Usually, Facebook directs you to their Help Center for FAQ.
If you're still worried about the validity, open another browser window and try to log in. If your page has been disabled, you won't be able to. If you can log in without issues, the message is a scam.
Scams come in all forms, and scammers are getting more convincing every day. They're not always easy to spot, but by following this guide, hopefully you'll be able to avoid most of them.
Do you have any other tips for not getting “caught” in a phishing scam? Comment below so we can all stay safe!