When it comes to receiving e-mail, I am always suspicious, even when I know who is sending me the message. If the subject line is vague, if there's very little information in the body, and if there is a link with no clear explanation, I delete the message.
I've deleted a lot of e-mail from my mom.
When a company sends me an e-mail message, I'm cautious. If there is a hyperlink in the message—even if it's spelled out, I investigate the link before I click it. I hover with the pointer over the link to make sure the URL is legitimate. For example, if it's Expedia notifying me of a reservation I made, with a link to the details, I make sure that the URL begins with Expedia dot com. I will also check the properties of the message, looking for anything that may not look right.
If anything seems out of the ordinary, to the recycle bin it goes.
Sometimes, I receive e-mail messages that are obviously bogus. Banking messages from institutions where I hold no accounts. Warnings from Revenue Canada that I owe money and must click a link or risk prosecution.
And yesterday, when "Uber" sent me a message, informing me that my password was changed, red flags went up.
I have never used Uber, so right away I knew this message had malicious intentions. Especially since it came to my work e-mail account (I only use my personal e-mail addresses for any membership).
Here's the message (click it to enlarge it): notice how the return address was noreply@ober.com.
That's Ober, with an O.
For fun, I took a screen shot of it and posted a tweet to show how bad this scam attempt was. I named Uber Canada in my message so that they could know that no matter how bad the scammer is, they're still trying to pass off as the driving service. Note that the message clearly shows, with a red arrow in the screen capture, that I was on to the scam.
Read my tweet and see if it looks like the wool was pulled over my eyes.
But the real Uber didn't pay as close attention to my tweet as I had to the bogus e-mail. They asked me to send them a direct message with a contact phone number that is associated with my account number, so that they could help me.
Clearly, they missed the gist of my original tweet. I felt compelled to spell that out.
But still, they came back for more.
It's times like these where you don't know how to respond. Sometimes, gestures can do all the talking.
No comments:
Post a Comment