Email Scams
Email scams are some of the most commonly reported types of attacks. These scams target members by sending them an email that appears to be from a well-known source such as a bank, a mortgage company, or DirectLink. It asks the consumer to provide personal identifying information. Then a scammer uses the information to open new accounts, or invade the consumer’s existing accounts.
These are also known as "phishing emails", because they are "phishing" for your personal information. This term originated from scammers using the telephone, hence the term is a shortened version of "phone fishing".
Here is an example of a reported email scam:
You'll notice when you hover over the link in the email your browser will show where that link actually goes in the lower left. It doesn't match the proper "directlink.coop" domain showing. This is one great way to check if the email is legitimate.
Identifying Scam Emails
These are some common things that you can look out for when looking at an email to guage whether you can trust it or throw it in the trash.
- Requesting sensitive information via email - Almost all legitimate companies will not ask for personal or private information by email. DirectLink for example, will talk to you directly and authenticate you with an account password before asking or giving out personal information.
- Using the wrong name or no name - Scam emails will often not have correct information from you and will use a generic greeting such as "Dear valued member", "Dear account holder", or "Dear customer". They may also just use part or all of your email address, since that is all the real information they have for you. If a company you deal with required information about your account, they would likely use your proper name.
- Mismatching or unusual email addresses - Scammers don't own the proper domain that are attempting to use to trick you. They will often try to hide their true email address behind a name or faux email address. You can usually hover over the "From" address or click "show message details" in your email client and this will show you the actual sender's email address.
Example:
- Mispelling or bad grammer - An email from a legitimate organization should be well written with proper grammer and punctuation. If you see a misspelled word or no capitalized sentences, etc. you are probably looking at a scam.
- Forced or hidden links - Sometimes emails are coded entirely as a hyperlink, so accidentally clicking anywhere in the email will open a fake web page or download malware to your computer.
- Unsolicited attachments - If an email has an attachment that you didn't ask for, be extra careful. Attachments are a perfect way to attack an unwitting user. If you download and open an attachment, this gives full permission for scripts to run and take over your PC.
- Unmatching or irregular links - As shown above, links can be more than meets the eye. An underlined word or image could link to anything. Your browswer will allow you to hover over with your mouse curser and you should see what URL its pointing to. Make sure the domain is legitimate. It's a good idea to look up the domain and separately research it before clicking on a link.
In general the best way to verify the authenticity of an email is to go to the source. If you see an email from DirectLink asking for something, please give our Member Services a call at 503.266.8111 to verify and talk with us directly.