The scammers just keep getting better and better at faking stuff . . .

[britechguy]

This landed in my inbox (and not for the email account which is used with my PayPal account) minutes ago:



Since I've been using PayPal for years, and know the one and only email address that serves as my PayPal account login, I instantly recognized this as a scam. Even the PayPal logo is ever so slightly off.

But, for those who have PayPal accounts they seldom use, and who may not even think about the fact that this message landed in an inbox that's not for the address used with PayPal as a login ID, I can see how it can easily induce panic and get people to call the redacted phone number above.

Another case where, "Stop, breathe, and think carefully before taking ANY action," can save a lot of heartache. It doesn't take much thought to recognize the red flags, but it requires thinking before acting, which is precisely what these scammers are counting on NOT occurring.

 

[phaZed]

And it makes me think that the off-colored logo almost acts as a "filter out the people that use it often", function... as to avoid as many people that are even somewhat "in the know".

After all, the real PayPal emails are pretty simple and could be easily copied verbatim - yet, it is chosen not to do that (I would presume for similar reasons).

 

[Blues]

I love the crypto scammers who say I have some type of crypto purchase and it will be like 1.5 ETH for $900 which would be worth like $2800

 

[Larry Sabo]

The gramatical errors stand out like a sore thumb, to me.

 

[britechguy]

The gramatical errors stand out like a sore thumb, to me.

There is that, too. But it requires that you actually read the thing, first.

I actually sent a copy of this to my clients with an educational "red flags" list. I omitted the obviously horrid grammar, but should not have.

 

[Computer Bloke]

I omitted the obviously horrid grammar, but should not have.

No, you did the right thing.

Having had this conversation with many clients over the years it's become increasingly obvious that many native English speakers are no longer capable of recognising poor grammar, though they can spot a slightly-off corporate logo at a hundred yards with one eye closed.

You've just saved yourself from being horribly disappointed.

 

[britechguy]

@Computer Bloke

In the case of scam material, "more is better" as far as identifying red flags. Grammar and syntax that's just a mess is a definite red flag.

I'm certainly not beating myself up over that omission, but it's something that should have been mentioned. Quite a few of my clients are people with advanced degrees and who work (or worked) in positions where being able to write coherently was part of the job. But I also got responses from some of them thanking me, but also saying they have been getting way more of these scams than I have and mentioning that how they're written is a huge tip-off for them.

It just would have been, "Red Flag #6."

 

[Markverhyden]

I get dozens of those every week. To be honest they're all the same. Completely obvious that is scammail. The hardest part is training customers. I'll get emails from them asking about these scams, like Geek Squad security. It's been years of the same response - if you don't recognize it it's not going to happen. But maybe I've finally gotten through since I haven't had an inquiry over 4 months.

 

[britechguy]

I get dozens of those every week.

I must lead a charmed life (that, or Google's spam filtering is even better than I think it is) as I really don't get this kind of thing often at all. Less than one per month, that's for sure. And this is on email addresses that have been in use literally for decades now.

If dozens of these were getting through for me I'd be mightily annoyed. I do know people for whom it's more than dozens, though.

 

[Sky-Knight]

Do not rely on grammatical errors to detect phishing. ChatGPT is fixing that little problem, and will improve the quality of these mails tremendously. It's already in play, but the lower end scammers aren't quite there yet.

 

[britechguy]

Do not rely on grammatical errors to detect phishing.

One should not rely on any single red flag, though one should not ignore any one of them, either.

One thing is for sure, it shouldn't take a genius to easily recognize most phishing. Like @Markverhyden, the number of client queries as to whether a huge number of things are scams/phishing/etc. have decreased for me as I've educated them over time. My personal feeling of greatest triumph is one of my client's who's almost 90 who's stopped calling me because she had become so successful in ID-ing this stuff herself that she no longer needed assurance she was right.

 

[GTP]

"Stop, breathe, and think carefully before taking ANY action," can save a lot of heartache.

This is something that 60% of my clients were incapable of doing even after years of "training!"

 

[Markverhyden]

I must lead a charmed life (that, or Google's spam filtering is even better than I think it is) as I really don't get this kind of thing often at all. Less than one per month, that's for sure. And this is on email addresses that have been in use literally for decades now.

If dozens of these were getting through for me I'd be mightily annoyed. I do know people for whom it's more than dozens, though.

I've turned off all filtering on several email addresses that I use regularly. I've found it beneficial since I can then see a lot of what others see, which would not be the case with good filtering.

 

[frase]

Had one yesterday with a client, regarding domain renewal.