101 for identifying fake emails and text messages (How to avoid online scams)

As someone who does not consider herself an expert in cybersecurity and protection against “thieves”, both physical and virtual, I have had my fair share of experiences.

For example, while trying on shoes in Paris, my purse was stolen in the store. It was my fault, as I was sitting on it while trying on the new shoes and didn’t take it into my hand right away when I got up. Someone in the store took advantage of this and probably slipped it into a bigger bag to hide it from me. This happened in a matter of seconds. If you know the type of handbags I carry, this may not come as a surprise. It made me angry and hurt, and it took me a long time to get over it, but I learned my lesson and I am grateful that nothing worse happened to me during my travels. It could have been much worse.

Another day in the past, I was shocked when I started receiving charges for flights, expensive clothes and more on my new and unused payment card from an unnamed foreign bank. I cannot even blame myself for it, as I have not used the card and have not even activated it yet. The bank insisted that the problem was on my end and it took a long time for them to return the money to my account.

As many of you, I also frequently receive calls from people trying to sell me things or obtain my personal information for “verification” purposes.

Fraudulent messages and emails requesting to click on links and enter card number or log into unknown sites are becoming a regular occurrence.

And I won’t even mention the various “heroes” who want to befriend me and take me somewhere but I have to pay for the flight first.

I assume you have also experienced something similar. I have a bigger issue with these virtual “thieves,” their anonymity and the difficulty of catching them. I cannot understand these people, and I do not understand why they do what they do. I once asked them during a fake phone call and they responded with “because we can.” Do we really have to behave badly just because we can?

Our society has years of experience with physical burglars and theft still happens nowadays. “Smarter” thieves trying to get money fast exist and will continue to exist. However, we are not so surprised anymore and have learned to be careful, what to do and what not to do to protect ourselves.

And although internet scams are still new to many, not everyone has the knowledge and skills to recognize and protect themselves from them. This is an area that deals with cyber security, but I understand that many of you are concerned about this topic. You don’t need to worry, it’s nothing scary and you can learn to be more cautious in the online world as well.

What are the most common situations you may encounter and why should you be vigilant?

1. Deceptive emails
2. Fake websites
3. Scam text messages
4. Fraudulent phone calls
5. Malicious applications

Deceptive email noticing process

The inspiration for writing this article came from a fraudulent email that I received recently. My email server correctly classified it as SPAM, but I always go through this folder because I find it entertaining and occasionally I come across a different type of email that is not actually SPAM.

I received an email informing me that the Financial Administration of Slovakia wants to refund some money to me. After reading and analysing it I just laughed at the incompetence of the spammers/thieves, but at the same time I got angry that the email might look convincing to many. Many people I know would have clicked on that link and forwarded the code from the email as well as their internet banking details

You would probably receive an email with the subject line sich as “Important Announcements Regarding Your Tax Refund for 2023” or “Additional Information About Your Tax Return for 2023.” At first glance, many of you might think, “Great! Money is always useful.” You would get curious and open it, right?

I took a more cautious approach. The grammar in the subject line caught my eye – personally, having lived abroad for a long time, I have a noticeable English word order when I speak pr write Slovak. But I’m not used to such word order from other Slovaks communicating in slovak language, let alone from government institutions. So it was clear to me that my spam filter did a good job. But my curiosity got the best of me.

So what should we look at when we see suspicious emails (but also text messages, fake websites, apps or phone calls)?

1. Who is the sender/owner? Does it make sense? Is it a legitimate part of a reputable institution? Also, check behind the name of the sender for the specific email address. It is sometimes possible that the signature will be even nonsense, like Treasury Department of the Ministry of Finance sending emails on behalf of the Internal Revenue Service. Or a Ministry location in the port of Bratislava?
2. If you are not convinced, look for obvious errors in the text such as incorrect law numbers or the lack of specific time periods, the use of words and phrases (“regular income” from tax collectors?, “you are duly qualified”, “helpful advice”, “if you happen to have”), or in grammar (word order, missing commas).
3. The last thing you should look at is where you want to click. Have you noticed the alpha letter instead of “a”?
4. If you are still unsure, access the specific website directly through its known address or use a search engine and search there, but never click on any links in such emails. You may find even more interesting results by searching google for the email’s subject or text. The Slovak Financial Authority has already warned multiple times about similar scam emails.

These types of emails aim to obtain your information or through a fake website, they lure you in to get access to things such as internet banking passwords, email accounts, social media accounts or company networks. The goal is to gain access to money, credit card numbers, personal information or cause harm, theft  and obtain contact information of future victims.

You may also encounter other variations of these fraudulent emails, such as phishing – for example, changing the bank details of your regular energy supplier or your insurance company, or fraudulent texts, such as smishing – for example, from the Slovak Post about a detained package from a courier service or from Ministry of transport for your highway fine (?), fake websites, such as spoofing – for example, fake websites of the Slovak Post, your bank, or Facebook.

Similarly, people with fake identities also try to lure money and personal information from you through direct communication and social media, or other applications that go viral due to some event or trend. We rarely fall for Nigerian and Jamaican kings and millionaires, whom we are supposed to inherit from, nowadays they use heartwarming stories of lonely heroes, who urgently need you to pay for their flight, but of course, something always happens …

Real scam phone calls are still being used for similar purposes even in today’s world. In the past, whenever someone from my bank called me and asked for my identity verification, I always asked them to have my personal banker, whom I know well, call me in such cases. They promised, but the calls did not stop (surprisingly, they really used to come from my bank’s call center, but fortunately they have learned their lesson).

I was shocked one day when a man called me on my Slovak work number and explained in English that he was from our IT department and urgently needed to connect to my work computer. He even started dictating to me what to enter in my web browser and couldn’t understand that I couldn’t see anything after “entering” all my login credentials. Of course, I didn’t move a finger and just kept talking and working on my stuff, but I kept him entertained on the line to save some other victim. At one point he asked me a question and I didn’t guess the background color correctly and so he realised and hung up on me while mouthing profanities. But let’s admit it, when you’re one of the few people in the company who can speak fluent English, what are the chances that your IT services are provided from Mumbai, India? Maybe he just dialed the wrong number, but he didn’t verify my identity, he immediately wanted me to connect…

In today’s world of artificial intelligence and direct translators, it might not be easy to distinguish whether a phone call is a fraud or real, so I recommend being careful of other phone calls that try to extract orders, addresses, or even your credit card number, or the access code for two-factor authentication that came to your phone (never gice away that one, please!). In any case, it also depends on what each person expects from people in the real world. I am learning to be suspicious, but I don’t always succeed.

And what to do if something like that does happen? Always take action, never wait until anything happens. There is a high probability that something will happen. Immediately change your password, preferably using a more complicated version, for example, replacing o with 0, l with ! or 1, etc. Play around with it and come up with something that you will remember and at the same time feel good about when entering that password. I know, it’s tiring and cliché, but it works for now, so why not use it. Use a password to protect your computers, mobile phones and other online gadgets connected to the web. Immediately after installation change the default password for your home wifi. Similarly, in case of a compromised company network, promptly inform the company’s IT department. And for financial matters, contact your bank, have your card blocked. And in the future, create a one-time virtual card. Don’t wait until the day when you spot suspisious transactions on your account and start wondering about the purchases of plane tickets to Hawaii…

And, equally importantly, please have a conversation about this with your family, friends, colleagues, children, parents, and grandparents. By doing so, they will also begin to pay attention and you can protect them from disappointment and despair. In any case, I wish you all the best and hope that nothing similar ever happens to you, and I also hope, or even better, firmly believe that wise minds will come up with ways to catch the thieves and such “clever tricks” and similar events will become a thing of the past, just like black and white televisions or landlines.

Summary: What to watch out for in regards to fraudulent emails, text messages, and websites:

1. Sender : Please verify that the website, email address, or phone number match the official address of the institution.
2. Grammar and language : Spelling errors, unusual word order, and unfamiliar phrases are warning signs.
3. Links : Never click on links in communication from strangers, unless absolutely necessary.
4. Use of personal information: Be cautious of any communication requesting personal or financial information.
5. Compare with official sources: If you have doubts, it is better to directly contact the relevant institution through their official website or by phone.
6. And use stronger passwords!

Slovak version of the text: Čo si všímať na emailoch a SMS (Ako nenaletieť online)