Could you spot a scam email?

Is that quiz in the above Convo for real ? .I labeled them all fake , it said 3 out of 7 but some got passed you ?? Really ?? NONE got passed me , I pass myself 100 % safe . Because some were real you judged them as allowing fake ones to pass through -wrong ! . Thats twisted logic . For the record —its been many years since I let an bad email through–scammers/ rip-off emails / phishing emails etc . In the early days of Internet use –yes but now I can not only see them as fake , I can smell them as fake, Look at the URL for a start and there are other ways to see if it is genuine or not.

11

|

Reply Hide replies ∧

Member

tim says:

Fully agree, Duncan. I’ve just failed the first example(by marking it as fake). But the loss for marking a real email fake is minimal compared with the other way round. And the test emails did not allow you to test where they’d come from or where the reply would go. OK as consciousness-raising exercise, but must be marked down heavily for not taking into account relative risks!

1

|

Reply

Member

Marilyn Smith says:

28 September 2016

Lucky you – after the first one all I got was black, blank pages!

0

|

Reply

Member

duncan lucas says:

28 September 2016

Marilyn – do you have any security plug-ins relating to java script or other types ? I have disabled two of mine on Which otherwise I would have big problems .

0

|

Reply

Member

wavechange says:

I agree with Duncan. No responsible company should be expecting us to click on links in emails. The only safe advice is to ask us to look up the contact details of a company (or other organisation) and contact them. I have not been scammed and don’t expect to be.

8

|

Reply

Member

malcolm r says:

I managed 6/7, but a couple I put as real i was nervous about because they contained links. I ignore any links in an email and go direct to the site, either through a web search or, it is my bank etc, through the link I have stored. You never know whether a link purporting to be an email response, or an opt out, is what it says. (Well, experts no doubt know looking at the URL, but most won’t I suspect). We should encourage institutions that may make us vulnerable not to use links.

9

|

Reply Hide replies ∧

Member

wavechange says:

URLs can be spoofed, just like email addresses. Many of the links don’t even show the URL, just a button or highlighted text. This has been known for years and it needs more than encouragement to address the problem.

Which? should not recommend any company that fails to take security seriously.

7

|

Reply

Member

duncan lucas says:

wavechange – email URL,s can still be spotted even if they block you by “boxing” part of it and adding > which stops you getting the full URL . As a matter of fact (BT are you listening ) a persistent guy is still trying this out thinking i am stupid enough to to click on porn etc . Never going to happen ! but it shows up Critical Path very badly.

2

|

Reply

Member

duncan lucas says:

For a deeper analysis , for those unsure of whether to click on a website go to -scamadvisor.com and urlvoid.com , input the website and they will let you know if it is legit or not . Both of those organisations are of long standing and good reputation on the web.

0

|

Reply

Member

dieseltaylor says:

Rather an idiots quiz. I spotted all the possibly true and all of the fakes. However as I have no relationship with the banks and organisations mentioned that were true the correct response is do not click on them at all as for me they are fakes.

Given I always have the email send address and everything else open in my browser I always check this info.

If one does not have this info open, or if it does not appear on smartphone screens I can understand more why people might be conned.

Incidentally because I also have a No-script script blocker open by default I could not see the quiz at all. Perhaps Which? ought to mention that you need to reduce protection to see the quiz.

In case you wondered there seems to be 16 active companies on this page other than Which?. Google featuring prominently.

1

|

Reply Hide replies ∧

Member

duncan lucas says:

Diesel I didnt want to be impolite with Which so I mentioned the number of trackers here I didnt make a big issue of it as I have made “concessions to Which and WordPress in that they allow me to post as I am a bit radical and WordPress is actually used in some US radical sites I post on , so I think it has a Liberal attitude when compared to fox news CNN and a whole host of US websites where I was banned right away . I have 429 trackers blocked on Privacy badger , except wordpress but I have blocked all the Google trackers you talk of . There are 45 Google trackers blocked but only a much smaller number apply to here . Like you I have NO Script but in another obligement to Which I labeled it safe (white listed ) which allows me to use the quiz . Diesel I wouldnt be too harsh with Which there are much ,much worse websites on the Internet. I also have two other comprehensive blockers that are even better than some anti-virus companies when blocking bad URL,s and virus websites as well as HTTPS everywhere + clean links . Yes it slows Firefox down and some sites look text only but I can live with it for safety.

0

|

Reply

Member

Patrick Steen says:

The quiz software is developed by a company called Riddle. On the other cookies – all the Amazon URLs relate to our server as we use Amazon Web Servers, based in the EU, to keep the website up for you to access. Google Analytics is how we track the traffic to the website, which pages are visited and where the traffic has come from. DoubleClick relates to the panels you sometimes see on the right-hand side, showing our nuisance call reporting tool for example. I hope that explains what those are.

If you’re interested to read about our cookie policy, you can here: http://www.which.co.uk/privacy-policy/cookie-policy

And I hope you found the quiz fun nonetheless – we’ll post the statistics on how everyone is doing at a later date 🙂

0

|

Reply

Member

william says:

Too easy 7/7.

So to getting scam emails, I guess my provider does a good job of blocking 99.999% of them, although they do tend to block a fair number of legit emails too.

I do hate it when companies embed links in emails but use different words to hide the actual URL. Hello, that’s exactly what scammers do. Banks etc should be banned from doing it, so at least, the scam emails will be more obvious to spot. They should also be banned from routing through ad mailers website too for the same reason.

4

|

Reply

Member

John Ward says:

I erred on the side of caution and put the E-Bay one down as a fake. I am not familiar with how E-Bay writes to people so it was a right-side failure. I got all the others right after due consideration but was not happy with some of the genuine ones. I have written before about the sloppy use of language and casualisation of serious messages from commercial organisations and I have taken it up with companies to no avail. The E-Bay one was a good example of a bad communication and I was very disappointed by the NatWest one with clumsy language, an “&” in a sentence, and the command “logon” shown as all one word. Companies must write correctly and carefully if they want to distinguish their communications from the increasingly clever scam messages. Trying to be friendly in official communications plays right into the scammers’ hands with their love of contractions [“you’re”], exclamation marks, and false courtesies [“sincerely”] as it makes their text more plausible.

I agree with previous comments that there need to be much better safeguards before people are invited to click on links; my building society at least gets my name right and includes my postcode as a reality test. Not perfect, but it’s a start. I would prefer it if they wouldn’t send me marketing messages but if I unsubscribe I am concerned I might miss something rather important one day.

4

|

Reply

Member

Peter Butler says:

My bank ALWAYS addresses me by name that’s why a I said the Nat West one was fake. I studied them all for just a short time to make my decision about them. Take your time with all Emails and if in any doubt as someone else’s opinion or just delete. You must play safe with unexpected Emails

4

|

Reply

Member

dieseltaylor says:

Can anyone tell me if smartphones only show limited source information ? I get them exceedingly rarely and never from unknowns.

It seems very important that if more people are using their phones for banking [or is it using the smartphone more often?] then there must be high security levels and seeing the source is important.

0

|

Reply Hide replies ∧

Member

duncan lucas says:

Diesel- all cell-net phones have different methods of finding URL,s on them. But as usual, in the US you can get all your calls monitored and be able to download all the info of who called you —at a price . Again as I have said before not available from our “great ” UK exchange service.

0

|

Reply

Member

jacqueline Dickinson says:

If I don’t know the sender personally, I just delete every thing. If I miss something genuine, tough.

6

|

Reply Hide replies ∧

Member

duncan lucas says:

Now thats the right attitude Jacqueline !

1

|

Reply

Member

duncan lucas says:

Diesel you were talking about trackers and I said there were worse than Which. I get emails from a government dept dealing with public info on Brexit etc and decided to click on one item dealing with Brexit –it was blocked by another specialised blocker which announced I would be tracked by their servers –fair enough but I was aghast when not only did it mention that server ,it mentioned I would be tracked by an AD server – thats right making money out of giving me info by using third parties to try and find my choices and hit me with them . Best of luck as three of my blockers block ads so it wouldn’t have worked anyway , but sly ! and the government too . So ,as I said dont bother about Which it could be worse —much worse !

0

|

Reply

Member

Bernard Hunter says:

Is Which really telling us it is ok to click on a link in an email when we cannot be sure who sent it (first example re eBAY)? Surely that has to be incorrect advice.

5

|

Reply Hide replies ∧

Member

duncan lucas says:

That got me worried too Bernard , thats why I put them all down as scamming in the quiz . While I can spot any dicey email the scammers are getting very good at reproducing the real thing .

1

|

Reply

Member

Patrick Steen says:

Hello Bernard, thanks for your comment. The quiz is simply spotting the real emails from the fake ones. It shows how sophisticated some of these emails are getting.

Some of the real ones aren’t great. For example, the email from Natwest, although real, does not address the sender by their name. This is something all banks should do – we contacted Natwest who said they are going to update their systems to ensure this is done in the future.

This is why our scams campaign calls on companies to do better to protect their customers from scams.

0

|

Reply

Member

wavechange says:

If the NatWest email had been sent to ‘John’, some people could be taken in. Including the full name would be better, but some people have common names, for example John Smith. In any case, it is easy to find people’s names, judging from the amount of junk email and nuisance calls many of us receive.

I don’t mean to be rude, but please can you tell those who advise us about security that the only safe approach is not to click links, and if the email is from a company or organisation that you have dealings with, to look up their contact details and make contact with them. I wonder how many people could be scammed by following the well meant advice here.

Sorry Patrick – I realise you are only the messenger.

4

|

Reply

Member

duncan lucas says:

I must back up wavechange here , again it is not meant as a criticism against you Patrick. If you accept that the US is mostly ahead of us in many public departments relating to safety of the nation and its citizens and that I have a lot of inner knowledge of how they work, like the NSA/FBI CIA etc , one thing they do that I actually like is comprehensively protect Joe Public US . The FBI and other government departments advise NOT to click on links in emails , they are quite explicit in this and the seriousness and care they take with their own citizens in reporting /investigation on public behalf ( just visit their websites for info ) makes me wonder whats going on in this Convo.

1

|

Reply

Member

John Ward says:

To be fair, the UK government consistently warns people not to click on links in e-mails and to check the authenticity of communications. I wish our banks would support the official advice and not include links in any of their customer communications. I feel that the standards in banking should be higher than in commerce generally. There are thousands of e-mails which contain links, for example the Which? Connect surveys that arrive every few days, and for convenience I do indeed click through to the survey . But then, I trust Which? and would be more hesitant with an unknown or irregular e-mail.

0

|

Reply

Member

Graeme says:

3 October 2016

My bank would never contact me by Email. In the past they have sent a letter to me and asked me to verify the letter in my nearest branch before giving out any information. Now that’s what I call security

0

|

Reply

Member

sue says:

Several of the emails were from banks/companies I don’t deal with and would therefore have ignored. At least one was from a bank I do have an account with but they do NOT have an email address for me so I would have instantly have deleted it.

3

|

Reply

Member

david raymond says:

If in doubt call the “sender”

0

|

Reply

Member

Malcolm Parnell says:

I think that this quiz is simply to highlight the methods used by scammers and raise awareness of them rather than a check on which banks etc you already use and familiarity with how they contact you. I got 6/7 right, the Pru one I got wrong by erring on the side of caution, on a matter of principle I NEVER click on a link in an email about ANY financial matters but go to the website via a stored link. On another matter of principle I NEVER disclose personal details on websites which I’ve visited as a result of speculative, unsolicited emails.
Occasionally I google email or web addresses to check out a company or email for a possible known scam before doing anything (except delete it) then if doubtful alert family and friends. Bottom line is you can’t be too careful but there are a lot of good things out there too and not everything is a scam so judgement, experience, knowledge and care are the order of the day.

1

|

Reply

Member

Meryl Johnson says:

I got 5 out of 7 but the last two I wasn’t sure about and said fake instead of real. I’d rather be safe than sure though.

4

|

Reply

Member

Ron Ravenhill says:

Failed just one, Q3 Barclays. I totally disagree Which as, it states to login online. If you login online to any financial institution with that financial institutions official link saved, and not that in any e-mail, it’s then you would discover it’s a fake, and not from the example alone. Anybody agree/disagree.

1

|

Reply

Member

Stuart says:

I got them all correct except the NatWest one. Apart from “Dear Customer”, I would be suspicious of any communication that uses non-words such as “pre-advice” and “logon” instead of “log on”.

2

|

Reply Hide replies ∧

Member

John Ward says:

The NatWest example was very badly written and presented. I wonder how long that particular template has been in use without any competent person in the bank reviewing it. Rather worrying really. I should have thought it would be an internal protocol for any mail-outs to be submitted in draft to their fraud prevention team for clearance. In a sense it’s been an own-foot shooting exercise for them because many customers would have regarded it as a scam and disposed of it. Ideally, banks would not send out any customer messages by e-mail as it is all too easy for scammers to mimic the template for their own fraudulent purposes.

2

|

Reply

Member

wavechange says:

The cost of scams will to some extent be shared by other customers. Efforts to get companies and other organisations to improve the standard of their written communication has generally been effective, so perhaps we need to focus on security issues.

I don’t know how much fraud costs business, but employing someone competent to critically review all forms of communication is likely to be money well spent.

1

|

Reply

Member

John Ward says:

It is likely that the perpetrators of scams have accounts with the banks whose customers they attack so they can be up-to-date with the types of communication routinely issued and model their e-mails accordingly. In fact, they are probably ‘valued customers’ if their criminal efforts are successful.

0

|

Reply

Member

AnnaDan says:

7/7 right. Not such a stupid 82 year old!

3

|

Reply

Member

Robert Harding says:

Sorry Which? but I’m not impressed by your fake email quiz. You gave me 4/7 but didn’t observe that I spotted all the real scams, and classed 3 of the “genuine” ones as unsafe because a) you didn’t give me the chance to check their “from” addresses, and b) they all contained links that I couldn’t examine, and c) no security conscious organisation should EVER present a link in an email. There should just say “log in to you account and check ….”. No-one should EVER click on a link in an unsolicited email. It annoys me that eBay is sending out that “check you details” email in that form, for example.

4

|

Reply Hide replies ∧

Member

DerekP says:

I agree with the principle of “No-one should EVER click on a link in an unsolicited email. ”

Simple rules like that can help keep us safe. If we have to stop and think, then we risk making errors that compromise our security.

I recently contacted my bank after a targeted but unsolicited call from them, which had asked me to confirm my identity by giving details such as my date of birth etc. I refused because it is poor practice to disclose any such details in response to an unsolicited call. When I refused, the caller hung up – which made it seem even more like a scam. My subsequent contact confirmed that it had been a genuine “marketing” call.

2

|

Reply

Member

Patrick Steen says:

Hello Robert, thanks for the comment. Some of the ‘real’ emails weren’t great, so well done for being cautious. We’ve asked Natwest to ensure they use the customer’s full name, for example. I’ve also tweaked the end of the quiz to reference that you may have been extra cautious.

0

|

Reply

Member

DaveH says:

What a very silly quiz. I’d normally hover over email addresses and links, to detect dodgy emails, but can’t in this quiz. Waste of time.

0

|

Reply Hide replies ∧

Member

John Ward says:

Yes. Dreadful. 72 seconds down the drain. Whatever next?

0

|

Reply

Member

Patrick Steen says:

Hi Dave, that’s good advice to do that. It’s hard to add that functionality into the software, so we’re just testing the visual cues to spot in emails.

0

|

Reply

Member

malcolm r says:

Email received
“We are looking for UK residents to test the Dyson DC50 Multi floor Vacuum Cleaner against the Philips FC8810/01 Robot Vacuum Cleaner

Can a robot vacuum cleaner really do as good job as the Dyson? Does the Dyson even compare to the vacuum cleaner you currently use?
If you are chosen as one of our product testers, all we ask is that you provide us with an honest and fair review and in return, you can keep both products with our thanks.”

Is this too good to be true……….? Anyone know? I wonder how many will reply to it with what consequence. Just a hard sell? Or………

0

|

Reply Hide replies ∧

Member

wavechange says:

I’ve not seen that one. I guess its for suckers and they will take them to the cleaners.

2

|

Reply

Member

duncan lucas says:

Another scam malcolm , its one of many in the same vein that are aimed at information gathering —YOUR information . They usually mean you have to fill in your personal details in order to qualify for the “prize ” (non-existent ) – quote- so that the prize can be delivered to you we require this or that personal info. There is no way shape or form that the robot vacuum could practically compete with the Dyson . Even if it was kosher I have looked at those emails that other people get over the years and they want your info for third parties . Dyson are not doing well on those ball vacuums in comparison to their older models which I have , they turn up in droves at car-boot sales selling for £30/£40 but try and get an older model and your talking £50 .

0

|

Reply Hide replies ∧

Member

malcolm r says:

If it looks too good to be true………………… But I wonder how many people will respond?

I’ve also had a spate of emails offering 500 GBP vouchers for different supermarkets. Not from the supermarkets of course. Why should anyone want to give me 500 GBP………..?

And a “free” ipad – offer extended – with life insurance. Small print “* iPad Mini offered on selected insurance policies, requires a minimum monthly premium of £100 and a policy term of 12 years or more.* On selected products .

People need to learn just what “free” doesn’t mean. That “free” ipad mini that you could buy for £300 will come only when you agree to spend £14400 minimum.

0

|

Reply

Member

duncan lucas says:

And it is too good to be true malcolm , although I have found many like it on the web seeming to be the “real thing ” I have also got conformation I am right .-Product testing scam promises free iPhones and other fake gadgets – 6-7-2016 you could be told you have to purchase something like “testing for D ummies ” or “teach yourself Products trials -cost £25 /you are asked to join a product testing panel -cost £10 by DIRECT DEBIT – thats right your banking details on a NON high secure banking website ,it will be taken each month from your banking account . Flattering as it may sound there is no way firms developing products want your opinion . If you are promised cash or expensive gadget for a “few minutes work ” steer well clear = lovemoney.com/news/11741/beware-the product-testing-scam. And the other ones – 10 minutes of filling in a survey to see if you qualify including all your personal details -get the message ?

0

|

Reply

Member

John Copland says:

My score was 4/7 and I identified the fake emails 100%, but erred on the side of caution with 3 genuine emails. Despite my erring on the side of caution the commentary I received at the end of the test suggested that my score was simply “good” and that I had allowed certain emails to slip past me and that this showed how easy it is to be fooled by sophisticated phishing attempts. Who on earth compiled this test?? Surely the end result is to show that you treat all such emails with suspicion and access the sites through normal secure channels. The test appears to be telling me to relax my security and click on links if everything else seems OK.

0

|

Reply Hide replies ∧

Member

duncan lucas says:

As you are not the first to comment on the reasons why John ,it backs up my suspicions that this is a test to see if BB can break down your genuine aversion to clicking on links in emails so that more business can be transmitted over the web by emails as well as advertising . When I read week in -week out of millions being scammed worldwide on international websites and business tech websites by doing just that—clicking on an email by those who dont know the pitfalls involved it makes me very upset.

0

|

Reply

Member

Old_Deuteronomy says:

I’m with John and all the others who have highlighted the illogicality of this ‘test’. Fail safe rejection is better than taking a chance. I NEVER click on links in unsolicited mails but, if interested, separately go to the provider’s genuine website and investigate there. To give me a mediocre score for being careful seems to the exact opposite of all the warnings issued by anti-fraud agencies. Back to the drawing board, methinks.

0

|

Reply

Member

Patrick Steen says: