We have known for decades that many bank emails are fake, designed to steal data, scam or install viruses and keyloggers. Unfortunately, scammers are getting smarter every day, needing special attention.
I recently wrote an article about alleged hacks that hacked into your computer asking for ransom with bitcoins. This time I want to talk about how these scams are reaching levels that fool even computer experts.
If you are already aware of email scams, probably the first thing you do is look at the sender of the email, but I want to make it clear in this article that this is not enough. Nowadays scammers are able to send original e-mails from bank domains.
Glossary of Article Terms
In this article I want to teach you how to avoid and identify email scams. Maybe you are a layman with internet, for that reason I will leave below a small glossary that summarizes some words mentioned in the article.
Domain - Refers to the URL or Link of the website. For example, the domain for this website you are reading is [kevinbk.com]. The domain of famous banks are [paypal.com] or [itau.com.br], if you are on a website with links other than this, it is probably fake.
Links - They are addresses of the websites you enter or access. Links are like domains, but have longer paths that lead to a particular page. Pay close attention to the words on the link to see if they are authentic.
Why am I writing this article?
Today I opened my email and came across the following message:
The first thing I looked at was the sender. I realized that the sender belongs to the bank's original domain “itau.com.br“. So in the first few seconds I didn't suspect the scam, I even wanted to send an email to my manager asking about it.
I usually see that some of these emails, even though they belong to the original sender, have some dots in the recipient that indicate they are fake. Usually disguising the name with an email, or using other recipient fields.
As this had none of that, then I started to consider it as true. I only suspected the font color of the button Accessing the Itaú Portal and also the text and the i-token tariff that personally, it doesn't make sense to exist.
Until I surreptitiously suspected the links in the email. I noticed that it directs to domains that don't make sense. The link, besides being giant, redirected to a fake domain itau-requerimento.com and itau-internetbankinggo.com;
How do I know if an email is real?
As already mentioned in my previous story, I will make a list or checklist of steps to identify whether an email is fake or not. If you have any questions about the terms mentioned in the article, read the glossary at the beginning of this page.
- see the domain who sent the email, is it reliable?
- See if there is any indication of e-mail being forwarded or with many recipients;
- Make sure the colors and fonts are really the same as in official emails;
- Check that there is no image with descriptive texts of the company pasted in the email;
- Check the domain of the links present within the article;
- Pay attention to the content of the email;
No bank or company sends emails saying that your account is going to expire, that you need to update something, or that you need to pay a fee, most of the time this is all fake. Pay attention to the content of the emails.
If you start to believe certain content of the email, directly access the site instead of clicking the link. There are even scams using Mercado Livre and Mercado Pago with new sellers who start using the platform.
Fake E-mails received from banks
I'm going to leave the contents of some fake emails below in order to help those who have questions and search for the contents of the email on Google. I recommend sharing this article with as many people as possible so you don't fall for scams.
Below the supposed email I received from Banco Itau:
IMPORTANT WARNING !!!
Through this e-mail, we want to remember that the account linked to your security device (iToken App / Keychain) has a registration update pending in our system, making it impossible to fully function, and consequently, making your access to the security channels possible. attendance:
• ATMs • Internet Banking • Itaú Application • & nbsp; temporarily inactive. thus, transactions such as transfers and payments can only be carried out through your home agency, with the presentation of your debit card.
We make it available in our system to update them, thus avoiding the payment of R $ 94.49 for the issuance of a new security device.
Below is a fake email from Paypal talking about a limited or about to be disabled account:
Your account has been limited.
We've limited your account
After a recent review of your account activity, we've determined you are in violation of PayPal's Acceptable Use Policy. Please log in to confirm your identity and review all your recent activity
You can find the complete PayPal Acceptable Use Policy by clicking Legal at the bottom of any PayPal page.
Below is a fake email from amazon talking about pending orders:
We have placed a hold on your Amazon account and all pending orders.
We took this action the billing information you provided did not match the information on file with the card issu ᥱ r.
To resolve this issue, please verify now with the billing name, address, and telephone number registered to your payment card.
If you have recently moved, you may need to update this information with the card issu ᥱ r.
Simply c ᥣ ick on th ᥱ button be ᥣ ow: