It’s becoming very hard to spot phishing attacks

Every year the quality of phishing attacks seems to get better. It wasn’t too long ago that you could spot a fake message from a bank, because of the terrible use of english and awful formatting of the images, but it is not a lot harder. The syntax, grammar, formatting, images and event the URL’s they point you too look identical to those of the real institutions that they are purporting to be.

In fact, some of the emails you receive from scammers, now actually look better than the ones from your bank.

The simple answer (of course) is to NEVER trust an unsolicited communication from anyone, it doesn’t matter of the bank calls you, emails you, writes to you, or knocks on your door directly. If you didn’t expect the communication there is a very high probability it’s fake.

The best answer is to always either visit the institution in person, or call the number on the back of your card (and I can even think of a few ways this can be faked, but it’s much harder)

Here are a few of the attempts to scam me, that I’ve received just this month:

“Hi I’m calling from Microsoft, and we have detected a virus on your computer, and you need to give me access to remove it”

“Hello dear friend, I’m the daughter of the late finance minister of an African nation, and am in trouble and need your help to get funds out of the country, I’ll pay you well for your service in this matter”

“There is an issue with your iCloud login, please click below to resolve the issue”

“This is a IRS calling to tell you that you will be arrested unless you call this number immediately”

“I have been contracted to kill you, but will not kill you it you pay me the same amount of money as the contract”

“This is a fraud alert from the bank, please login below to confirm the transactions”

Some of these were via email, and some phone calls. All were ignored, and most entered spam folders.

For the phone calls I use an amazing service called norobo, which checks every incoming call for know garbage (including charities and political parties) and diverts the call as soon as the caller id is identified. A brilliant free service for the home line (and they charge for cellphones)

For email, the built-in spam filters seem to work quite well, and I needed to actually look in the spam-folder to see what I received.

The simplest answer is to just not believe anyone who calls or emails, assume they all lie, and you are right virtually every time.


We all hate spam, so why is it everywhere?

Every day I must receive between fifty and a hundred emails from businesses trying to sell me things. And I’m not talking about the Viagra sales pitches, the offers to extend my manhood, the pleading letters from Nigerians who want to give me all their millions or the other clearly understood scams that the spam filters place straight in the junk folder.

I’m talking about legitimate businesses that think that sending us unsolicited email is a good way to get us to purchase their products or service. It seems virtually every company thinks that filling my inbox with crap is a good thing, and I’m here to explain to them (via you) that it is not.

I (like nearly everyone) never intentionally even opens these emails. And I absolutely never consider purchasing anything because of them.

Every now and again by pure accident I will open one of these emails, either because I’ll thumbing through my email box and my finger slips or because I press next when reviewing an email, and the next one happens to be one of these business emails. The key thing is it just mis-fingering, I didn’t mean to open it.

But to the people who are using spam as a marketing tool, they see this finger fuckup as a positive response to their campaign. And I really want them to know that it was not!

A whole industry has emerged of people who sell distribution lists to companies, so that can email out their next campaign. And many shops today tell their sales staff to always ask for your zip code (postcode) when you checkout. This isn’t to validate your credit card, this is much worse than that. They ask for a personal piece of information so that they can add you to their mailing list, it’s a governance rule that their legal department makes them follow. Of course they are supposed to ask you if you want to be on their mailing list, but the marketing departments have worked out that most people would say no. So they just have the sales people collect a piece of personal information and they just add you to their marketing database.

Once you give them your zip code, email address or any other piece of personal information you are added. And you will then receive garbage from them either in the post, via phone (normally from India during dinner) or via email.

Some of these companies then sell these “agree to be marketed to” lists to distribution list aggregators who them sell the lists on to other businesses. It’s a huge industry, and filling your inbox with crap and disturbing your dinner is their end game.

Why do they do it, if it’s so annoying and useless? Well it’s simple they are asked by their sales teams to create leads, and they have targets. So even though you are not likely to want to purchase just because they fill you inbox with colorful crap, they don’t care, just so long as the marketing team can report to the sales team and their managers that they sent 120,000 emails out this week and had an open rate of 1.2% they are happy, they are meeting their goals.

Smart marketing means truly understanding your customers, and that is a lot harder, and frankly isn’t a course that is taught on most marketing degrees. But marketing is supposed to be hard, that’s why it takes professionals.