Recently, there have been a spate of emails going around from a Chinese firm stating that a company wants to register in the Asian region and the sender of the email is asking if you want to get in there first, or similar.
Of course, this is a scam. A somewhat ‘good’ phishing scam – if there ever was a good phishing scam.
We at Create Labs had one ourselves a few weeks ago. After checking the senders email address, and the address given at the bottom of the email and the company they are looking to register, we found a trove of users on the internet with the same problem. A Chinese company stating they are working on behalf of a client who wants your domain.
What is Phishing?
Phishing (pronounced ‘fishing’) is what it says on the tin. A scammer throws a lure into the waters of the web, and waits for a bite.
These emails are generally not targeted at one specific individual, however are cast out to hundreds, thousands, even hundreds of thousands of users at once with generic information in the body.
These days, you don’t even have to open attachments for a device to be infected or just tracked – marketing technology uses a small image 1 pixel by 1 pixel to see if the user has opened the email.
Similar to opening your front door to cold callers or chuggers – once you open that door, or talk to someone, they know you took the first bit of bait, and now they just need to reel you in.
Sophisticated, no? We do it too at Create Labs for our clients but on a much less malicious scale – using pixels to track emails being opened, as a large number of emails costs clients a lot of money.
But we’re here to help you will any kind of email phishing scam.
Rule of thumb: If you weren’t expecting it, don’t open it.
If someone turned up at your front door with a parcel you weren’t expecting, would you be suspicious? You should take the same caution with emails, too. And get a spam filter.
How can this Chinese email scam affect me, though?
Well, it doesn’t have to affect you directly, it can also affect you indirectly. If someone fell for this, and gave a scammer access to their web hosting, the scammers would have unsupervised access to anything and everything held on that server – your name, your email address, your payment details.
But this goes for any email you weren’t expecting or even is slightly suspicious. For example, those emails claiming to be from large reputable companies such as Apple, Google, Amazon, or Netflix.
So here’s some tips on what to do if you suspect an email is a scam or phishing email:
- Check the sender email address: Sophisticated senders will spoof the email address to look legitimate, but the actual senders email won’t be from the authentic domain address
- Check the spelling: Does it read properly? Are there any broken phrases or missing letters?
- Do they call you ‘customer’?: This is a big one – phishing emails will not know your name
- Do they use your email address as a name?: Again, like calling you customer, they don’t have your full name
- Is there a sense of urgency to the email?: Don’t click any links, but go via your own browser to the companies web address and log in to your account that way. Clicking links is dangerous as they will most likely take you to a fake website
- Use a wrong password: If you’re suspicious of a website or email that you think could be fake, always enter a fake password first. If you’re kicked back out, it’s real. If it lets you in, it’s a fake site.
If you’re still unsure or could do with more information, we at Create Labs have an online training package that might come in helpful. Our Phishing Essentials elearning is available through our eLearning portal.