Another problem: Official emails by official entities (companies, banks etc.) are looking more and more like spam and scam. More errors, wrong contact data, lots of colourful pictures... Doesn't make it easier to distinguish between the two.
At my job, they send fake scam emails to employees and anyone who opens or clicks a link from them get sent to scam training. But so many emails that are legit look like scam emails, to the point people don't open important ones. It has caused serious issues for our internal communications.
Yes, this, and they also often have tracking image bugs, and tracking links to e.g. a customer questionnaire, or rate our service with stars or sad and smiley faces. Even major banks and other financial institutions do it, and that is _after_ warning customers on their own websites, and in letters _never_ follow links in emails.
A few months ago I ordered an SSD from the official Samsung UK store. Shortly after getting the confirmation email from Samsung themselves, I received one of the most suspicious emails I've ever gotten. Supposedly from DPD, but the sender was "Samsung Store", weird low resolution logos, odd font formatting - everything looked like it was cobbled together in MS Paint with minimal effort. Even Gmail itself had flagged it as dangerous. I freaked out a little bit, thinking that somehow my shipping and payment information got compromised, but after over an hour of checking everything over and over it turned out that this extremely shady looking email was in fact the real DPD.
@@danithoAt my job, we have a "Report Phish Attempt" button. If we report a real one by mistake, then the security team tells us that it was real, with no penalty to us
I don't know if that's the case in the UK too, but here in Germany the "e-purchase" webside now even forces you to send them a copy of your ID. When I asked how they would ensure the security of this data and what they would do with it, I received no answer... so i refused and they blocked my account, destroyed my busines and cept the rest of my money.
Found a easy sure way to keep all your emails secure. Put the entire list in the bin, and never bother opening a single email, ever. If its important someone will either phone you, write to you or knock on your door.
what gives it away as a scam is the sentence 'i hope this message finds you in good health'. that greeting likely hasnt been used since before the civil war in the US.
Watch out for when they stop using pigeon English in the email and actually type in real English that’s when you have to really worry and with the like of AI it won’t be long before these email look very professional
My mom received a large package from a US pet store yesterday. Before I called the customer service number on the box, I researched the number online to validate that it was indeed the correct number. Ended up talking to their fraud department to report it. I think it was scammers attempt to see if a card is valid, not sure why they would send it to the card holder's address though. Had to contact her bank and credit card numbers to make sure her accounts weren't compromised, turns out that one of them was. Had to cancel the number and issued a new card. Watching these video helped rectify the situation. The only positive is that a local animal shelter will be getting 65 lb. of dog food that costs close to $100.
@@karthikkumar6861 The phone number listed was from a fraudulent front website, white background with only text, 1990's style. It is crazy what scammer are up to. Glad people like Atomic Shrimp are spreading awareness.
I think it's called Drop Shipping? Scammers buy an item and send it to a random address so they can farm good "Verified Buyer" reviews that they make themselves. It's pretty devious! Always send it back if you get an item addressed to you that you nor someone you know sent to you!
It's common for organized crime and other large organizations to buy a list of 100-10,000 credit card numbers that are paired with names and addresses. These are usually obtained from a genuine business' database or like tax records or something. In order to check that the list is genuine, they "burn" 1%-10% of the list by using it in the way you've experienced, or by doing something else that is more obviously fraudulent and gets cancelled before the consumer would be notified.
I got some very believable scam mails. The funny thing about one of them is that with my phone not automatically displaying images in order to use less data, I got a description instead, telling me that the logo's source file was from Wikipedia. 😁 I often tell my family about especially clever scam mails in order to help them recognise scams, so anything I can learn is helpful to several people.
I had a second chat about this with my mum, when she (cleverly) messaged me on Whatsapp, on my current number "How much money do you need?". She tried to laugh it off as "I knew it wasn't you.", so I really had to push home that she did the right thing by not trusting the "hi mum new phone need money" person's advice to only use the "new" number from now on, and actually checking with me. I only use Whatsapp to communicate with family, because they refuse to move to something more secure. But soon enough voice synthesis will be good enough and available/low CPU enough that we're all boned anyhow, so sometimes it feels like bothering to be secure is hardly worth the effort. But we do trundle along...
My grandmother received a realistic-looking email from "PayPal". She called the number in the email but fortunately couldn't understand the scammers' accents. She had me check out the email and I immediately noticed a few spelling mistakes. I then went to PayPal's website and showed her how to find the real PayPal number. There are some scammers who are getting good at crafting emails, if they start hiring native English speakers without accents to work in their call centers it'll be game over for us.
The "Unnecessary embellished" part sticks out to me even as a moderately fluent ESL guy. It pops up often with AI-generated paragraphs as well, which makes me think scammers are getting pretty comfortable with GPT and related tools.
@@wolfetteplays8894wrong, no - but abnormal, yes. That's why they call it hyperliteracy and not normal literacy. Big companies like Halifax will avoid overly complex language for inclusivity reasons anyway, so it's still a red flag that the email comes from not-Halifax if the language is very elaborate
I wanted to tell you that I actually mentioned your channel in a talk i gave to a group of senior citizens about email scams. Namely your video about shame for falling for a good scam and how that prevents people from getting help. I do IT for a living and went far enough along with a scammer claiming to be from my bank that i had to cancel a card immediately. They were aiming for more, but were convincing enough that they got that much before the alarms went off. Thank you for what you do!
Again, great advice, especially the parts about not panicking or being scared, just skeptical, and going to the website you know rather than clicking a link. I hadn't heard the Gmail + trick, so that's awesome, but I did say to have one email account you ONLY use for banking/credit cards and/or have one you use for "junk" when you have to give out an address but don't want to.
Any contact with banks or other institutions that are initiated by other than ME are suspect, and verified by independent means, never through the incoming contact.
As soon as I saw the line "I hope this message finds you in good health and high spirits". As soon as I saw that line I knew it was a scam without looking at anything else. No bank would ever send something like that.
For me, it's the fact that the sentence was in a banner. Like, i would expect the bank would use their official banner with their logo and their slogan. Then, of course banks don't *actually* care about your feelings and health, but it's easy to pretend like they do ;) it's just words on paper/screen. So the next giveaway is more the use of "I" in that banner, unless it's signed from a personnal advisor, banks would normally always use "We".
I lived in India many years ago, and it was quite normal for people to say "Pray, what is your sweet name?" , in English, when being introduced to me. Flowery language was a lot more common in the workplace, and I guess unless they have lived abroad, they wouldn't realise that it seemed strange to a native speaker.
I spotted the Halifax email as a scam within two seconds. No British bank will start off with "I hope this message finds you in good health and high spirits". That is a quintessential scam greeting.
One extra bit of advice at the end: be prepared for one of these scams succeeding. It’ll happen eventually, no matter how smart and careful you are, and having a plan for when it does will help you avoid panicking, and keep the breach small.
I touched on this a little bit in a previous video ( ruclips.net/video/Z2tDAqifAXw/видео.html ) which contains a breach response plan that was based on one that I used in my former IT career; maybe I'll do a followup video with a breach response plan adapted for the average user
I’m pretty sure the email text was generated using some form of GPT, probably ChatGPT or Bing Chat. That explains the flowery language and weird words. We will see more of this, since this allows scammers to create convincing emails with zero effort.
@@gegdim9307Because ChatGTP had only gained use and popularity recently, but this exact style of writing has been typical for scams for years before ChatGPT. Unless the scammer specifically told ChatGPT to write a scam email, it would not produce a text like that. You can easily try giving it some prompts yourself to check
At least here in the U.S., a red flag would be the unusually old-fashioned and polite greeting, out of step with modern culture. I've never seen a legitimate corporate e-mail begin with "I hope this message finds you in good health and high spirits". That sounds like something from a 1700s letter written with a quill pen.
It's been useful, thank you. One thing I like to add is, what nearly got me: If you get an email that is possible a scam, but it relates to something that is actually happening to you right now, be extra vigilant. By coincedence, I was getting a scam email about some package that got lost and I need to reclaim it. Thing is, at that point I actually had a missing package from an Amazon order, so I let my guard down for a bit, because I had the issue the scam email mentioned. Luckily, the scam email was so badly written, I caught on fast before doing anything stupid. Side note: I feel in germany scam mails are more obvious to spot from the grammar alone. Especially mails that are suppossed to sound official like from a Bank are really bad, since I feel the autotranslates really struggle with german formal grammar.
German is my native tongue (age 5-24 with a two year English break), but after English became my primary language I really struggle with German. I really admire a non-native German speaker being able to speak it fluently.
Scammers from India and Nigeria, especially from the latter, have very bad grammar. In addition to their bad grammar, they often ask or tell you stuff that are customary in their country, but not in Britain, or anywhere in the West. For instance, they ask you if you have already eaten. Furthermore, they often exude a sense of urgency, and get easily irritated and rude if you ask them many questions or do not do as they ask when they ask
Most dangerous scam mails are those pretending to come from DHL, UPS, Hermes or another service. Especially if you really bought something online a few days before and really expect a delivery.
Oh god I had one of those recently, asking me to pay a tiny sum to receive a package. I then asked my friend if she sent something because it was super convincing and I was a little panicky but nope, just a scam.
I had an email amd text from DHL and I am not sure if its a scam, do their emails normally look scammy? Not clicking on the link just to be safe anyway
@@Farimira Assume it is a scam. If it is not, then they will try to call you or send you a letter if it is important. Alternatively, write to their support about it if you want to be pro-active.
Thank you Mike for raising awareness on this topic! At my company, we have recently announced a CEO change and just one day later, some people started to receive emails asking for important and confidential information in the name of the new CEO. Fortunately, the scam didn't succeed, but I was astonished by the reactiveness of these scammers.
I get more fake courier texts strangely around a time i receive packages to the post office box (not PO box, but the one you open with a code). So the scammers likely have people inside feeding them information.
You'd think the scammers would wise up to not starting their emails with direct translations of whatever greeting they have in their countries. Is it really so hard to figure out that "Greetings dear brother, I hope this finds you in good spirits and the souls of your beloved family" is not how banks talk to their customers?
I've been told that this is a way of confirming the target is gullible. If you don't notice poor grammar, bad spelling, or unusual phrasing, you are more likely to fall for the scam.
Even a bank just hoping their customer is in good spirits seems off. Not only because it’s an unusual way to address someone in a business correspondence, but also because in reality the extent a bank actually care about its customers is based only on how much money they have.
@@Sashazurit's almost a universal tell they have, can't help themselves. It's...I think it's like they operate under the assumption that fluent english is enough (sadly it often is) and so they don't think or perhaps understand how other cultures speak and address other members of similar culture. Best I can think of to explain it is to imagine the situation in reverse. An American trying to scam a foreigner, but not aware of cultural differences in speaking. Overly informal in addressing someone in a situation that calls for strict formality, or vice versa. Using American idioms and expressions translated into the target language. Imagine tech bro business jargon speak in an email about I dunno...shipping. Or terminally online lulzor le epic speak in a situation about online banking. It's operating under the assumption that everyone speaks like you do, so all you have to do is translate the language fluently and successfully. It's also why their automated 30 response long threads of "wow I invested (×) currency with Mr(s). First name and First name as last name and made (×) more currency." "Wow vague supportive comments about investing with (two first names)" and twenty more "responses" from supposedly random different people either singing the praises of (two first names) or asking the "op" how to get in touch with (two first names). And why it all reads so wooden and stilted. Because the scammers aren't capable of writing differently to distinguish themselves from themselves, so it not only is them replying to themselves it also reads like it too. If it was just one comment it would still sound forced and scammy spammy, but a chain twenty or thirty responses long just absolutely screams scam and spam. They're like bad liars who think that giving more info and detail = more credible lie, when usually it's the less said the more convincing it is, or at least it's potentially harder to pick apart.
My number 1 tip is to never go to any links from an email unless its one you have requested yourself at that time such as when you ask to reset a password and they send you an email at that time. If you ever get an email you arent sure of, go to the legit website yourself rather than using a link from the email. I get these emails all the time saying my Netflix is closed or my Apple account is closed or my amazon will be closed, jokes on them, I dont use any of these lol.
I used to get emails from the "Nigerian Prince". These days, from time to time I get a scam phone call from India. An acquaintance of mine was once scammed into paying a fee in order to receive some "lottery winnings"
@@petelee2477 If you're applying for jobs be prepared for scam job offers (in my experience, they eventually become "send a check" scams). Check domain names (they may look VERY realistic, so be careful with that...like the real domain name may be very close to their spoof), and even call the hr department of the real company if you're concerned.
As someone who used to work in the banking industry, received extensive anti-scam training, and was sporadically targeted with test/probe attacks by the bank’s information security team I can say that this is a great service you are providing for your viewers. Top notch!
working in a bank is a bit different to personal emails, you can ignore your banks emails, they won't do anything. a bank ignores emails and it could cost millions.
I would have been convinced. The time i nearly fell for it, my brother had just had a traffic accident, we were waiting for police report, hospital to ring etc, and a caller rang "we're ringing about the road traffic accident" "yes, the one in Blaenporth?" etc Finally realised it wasn't the police etc (they never did ring!). These 'random fishing attacks' will always be true for someone.
definitely analyzing the lexicon of E-AASL was a big brain blast. I can't believe we have to ARG investigate our way into being not homeless every five seconds in this world
After it was revealed my government let russian spies access NATO servers for a decade i have no issues like this. I KNOW they likely sold all my private info themselves for russian cash anyway.
No kidding. One week after I made a facebook account (not by choice but by necessity) which requires a phone number I started receiving calls from unknown numbers... That is the first and only time I've ever received scam call attempts
Yeah, it definitely was, but just not broken in the way I have more commonly encountered where it says something like "your account have has been using for illegals buys"
10:53 Polish e-mail provider I use (o2) allows you to create completely custom addresses on its "vanity" domains (most are quite cringeworthy). They also have much bigger space for your e-mails than gmail.
I'm happy with my Proton service, though I do pay for their entire email, VPN, and other extras package. Users can create complete nonsense email addresses, both before and after the "@", that does not even appear to be from Proton.
I started a new job recently, and they were very serious about in training telling us how to avoid phishing emails. They even said that they send out "fake" phishing emails of their own, and use it to track employees who click on it so they can do better training.
Thankfully in my country (Denmark) we have an 'official' email that's regulated by the government (called e-boks) where any official documentation from banks, government entities etc. will be sent to. So you can just ignore every single email you get because they will never reach out for you in this way. Also to log into official places like banks and even the beforementioned e-boks, you need your username and password as well as a 3rd party authenticator app on your phone. Of course people can still and do still get scammed but it really narrows down the things you need to be wary of
"Don't be scared, be prepared." From scam videos to cooking pizzas, somehown you make everything you do quite interesting and fun to watch. Cheers from South America :)
I used to work for First Direct, which for those not in the know is a British call-center only part of HSBC. We were always clear during outbound calls that we'd prefer a customer say they're not comfortable and call us back than for them to keep talking with someone they're unsure about - we'd straight up say so. The same goes for email communications. Nothing sent in an email is so urgent that it can't wait a moment for you to log-in your account the slower, safer way.
I work in IT at a university and we see lots of reasonably good scam emails, but the sending email address is typically the dead giveaway. Not that people don’t get fooled. It’s like “No, Karen, HR didn’t send you an email from a hotmail address. How’s that PhD working out for you?”
One of my employers ran a phishing exercise once, with a benign hacker hired to run a security text. We were given a list of red flags to look for, then sent an email with some of those present, and a link at the end. I spotted one straight away (a typo in someone's surname, which was explicitly mentioned in the email) and did not click it. Half of my department DID - which I learned about because they were asking each other what to put into the login boxes on the next step out loud. They all had to retake the exercise. I lost a little faith in the educated portion of humanity that day.
I've recently had a lot of fairly good fake eBay emails, saying I have a new message. I've got a lot of stuff for sale, so it's believable. The main giveaway is that I know what genuine emails look like, and I know that they include the message in the email, which the fake ones don't. Had a similar thing ages ago with fake Amazon emails. The major giveaway, along with all the minor ones, was that I knew what genuine ones looked like.
Be careful ... eventually they'll be smart enough to actually get a real Ebay account, and manage to invoke one of those emails to themselves. Then they'll just copy the text of a Real Ebay Email into their scam email. Bottom line, don't trust it, even if by all accounts it *seems* legit.
Personally to prevent these type of scam I have one phone and one email I never use and only give to banks. Not even family member know that number and emai.
it may be eBay's data breach, but it may also be eBay sellers harvesting data on their customers and selling them (I similarly had an email that i used primarily for eBay that reveives lots of spam, but notably associated with a domain that did not exist in 2014)
I tell my customers to be aware of the three scam "keywords" - kindly, verify, and confirm. Every scam email I've ever seen contains at least one of these words.
I've been getting occasional phishing emails that have disturbingly good facsimiles of the email layout of our government's email standards. Only because I actually worked on systems pumping out the real emails, and know the internal html layout and graphics dimensions and naming of the real ones was I able to see the difference clearly, though I was warned by the ever so slightly odd wording and one of the images being a bit off in its scaling. Not enough to trigger anyone but people who actually have inside knowledge of the government email standards.
I've once received an e-mail that looked like it came from myself, saying they invaded my account and were demanding money. At first it was a chilling experience, since it really was my email. The thing is, after researching a bit i found out that they can fake the sender, so i ignored it and none of their threats were true
I'm getting a feeling that youtube is a scam. I click on the video, an ad plays up to 1 sec. before it can be skipped and locks up the content. Restarting it just puts it in a loop. Awful. OK?
I live in Belgium and I've noticed that all the phishing emails I receive are in Dutch. It's an instant red flag to me (i don't speak it, all my administrative and official correspondence is set up to French).
Well that is quite Belgium specific. It is rare for country to have two languages of same officiality and inhabitants have practically exclusive knowledge of only one.
My bank never sends me kindly or wishing me good spiritual health messages, neither do my utility companies or government. Scammers would be better off saying: "hello wage-slave, give me dosh coz I want it". Bloody annoyed for people with Alzheimers/Learning difficulties/pressed for time and stressed ones. Anyway my bank makes me jump through hoops... thinking of turning dosh to gold and keeping it under the mattress! Gertcha!
Generally speaking I only click on email links that I'm expecting to receive, such as Paypal invoices, with the confirmation from the other person that it was them who sent it. It's inevitable in this day and age that your information is out there being abused by somebody, the best you can do is apply reasonable doubt and try to confirm with the expected sender where possible.
As a professional translator, i work a lot for a bank. I see a lot of internal documents and customer facing communications. At least for that bank, there is a shift towards friendlier sounding messages to their customers, so "valued customer" does not look too weird for me. (There's a lot of empty, feel good wording too, depending on the type of communications, i've noticed.) So considering that, there's really only comparing to recent communications from that same bank (if you receive them) to know if this flowery language is normal or not.
The reason that "valued customer" stands out like a sore thumb to me is that the phrase implies they also have customers who they do not value. "Valued customer" always shouts "scam email" to me.
this is like a constant pen test, they just keep evolving until one slips in, maybe you open your email when you were kinda sleepy that day and rip your info stay alert!
Two things, firstly would you consider making a video on scams that you get via text? As I have noticed that I am getting a lot more scam texts. Secondly and most importantly can we please soon witness the return of John Warosa and Herry Mike Ridering?
I've been getting a few on my personal phone (WhatsApp messages mainly) referencing job opportunities, which I just roll my eyes at and block. However I did end up having a small text exchange on my work phone earlier this evening, the first message said something along the lines of they didn't have my number stored in their contacts and did we know each other. I said I didn't have theirs either, who were they? (Keeping it professional in case it genuinely was a client whose number I hadn't saved) The reply said they were 'Diana' and they weren't sure they knew me either, what was my name? I asked for their full name and where they worked so I could work out if they were one of my company's clients. No response and I searched the number which did show up as a potential text scam, so I blocked it. Fairly well written, and no obvious sign as to what the potential scam could be. One I'll be passing to my colleagues tomorrow to be aware of.
Hackers are getting so bad that at university they are teaching us to just hash all data or near all data that goes into a database. Sometimes even with multiple hashing algorithms
When I was a pre teen I made a handful of emails so I could make multiple accounts on websites like quotev. Ended up being amazing because I have different emails with different fake names so I only use my important email for like government websites and banks. Even when I order food ahead of time the baristas call out one of the random names because I don’t like food emails clogging up my inbox.
And broadly, at this point, nothing in any email from a bank or ebay or amazon or DHL ever needs to be taken care of within the email. If its asking for something, take your own self to the site and engage there, no clicking links. All relevant secure messaging can be accessed within these sites themselves. All my bank emails go to an address I barely look at because it doesn't matter anyway. If its real I'll see it next time I log in, if its important I'll get an actual letter.
I wonder if the improvement but oddity of phrasing in the scam messaging might also be a result of generative AI. Based on my exploration of how AI writes, this format and word choice is quite similar.
The wording would be an immediate red flag for me. Yes, the word “kindly” but also the banner. It doesn’t have a formal tone. Whilst not informal, it doesn’t sound like a corporate entity. Even if they’d said “we hope…”, what on earth is “good health and high spirits” - nobody speaks like that! And then they repeat the spirits thing in the first line: “…good spirits”. And then “if adjustments are to be made” - that sounds like a copypaste from an official document. The correct phrasing would be “if this is incorrect”. Then it says it’s required immediately. After saying “inform us at your earliest convenience” - sounds like two different messages. Other things “vital *for* us” - should be to us. And “clear” communication isn’t the right term either. Overall, it’s a better attempt than normal, but the “different” English and poor phrasing do give it away somewhat. It might get passed the casual observer. I just program myself to automatically assume every message is a scam until proven otherwise.
I just literally never check my email which is a good and smart way to live. Just like I don't answer any phone call or even get my mail out of my mailbox. My ADHD being completely overwhelmed by modern life FTW 😅😢
Might be worth making a future scam video about defunct or old linked-email accounts and the associated risks. Many people still have their social media and other online accounts linked to old sometimes forgotten about email addresses (ISP based ones and older webmail accounts) from when these accounts were originally set-up, even though they have since moved on to other email providers. These older email accounts rarely support or have 2FA, use short weak passwords and regularly feature in data breaches. They are commonly used by criminals to request password resets for all linked accounts.
Again, an interesting video, informative. Recently here, a friend of mine received an actual paper-mail phising scam attempt, surprising in that this sort of thing costs the scammer money...it even included a postage-paid return envelope...pretending to be from both a bank and the government tax agency. Have you encountered any of these sort of scams..?
When I get phishing e-mails, I usually open the phishing form, then enter BS, but plausible-looking data. The idea is to pollute the database so much with fake credentials that the scammers give up on trying to get into real accounts before they come across actual credentials of some unsuspecting victim.
@@UltimatePerfectionyou must have a lot of time! I'd wager that it's taking you more time to do, than it's taking the scammers to work around. Not worth it imho bro, save yourself the time.
3:20 If the resource is served from the scam domain, would the scammer not be able to see the HTTP GET request you make for that resource? Or is that more from the angle of, since the image URL is sufficiently generic, they wouldn't be able to differentiate a click from you from anyone else who might've viewed that email?
Yes, but there was no unique naming to the image. What some spammers do is to embed an image named say logo2453765.png, using a unique numeric part for each target, then they don't just know *someone* clicked, they can correlate it to the email address they sent that one to
My little sister got scammed last week on Facebook trying to buy football tickets. She showed me the message it was CLEARLY an African on a hacked fb account. Got her for $200. The language was soooo bad. It was laughable that she fell for it.
As always, great advice. I have been in IT for 30 years, and I haven't seen everything. Even I occasionally fall victim to clicking on bad links. These videos are a great help to everyone online. Thank you.
Is kindly archaic? Less popular now than it used to be? "Thank you kindly" just rolls together so easily and charmingly though! It's a fun phrase to say, here in the southern USA.
My secret is i don't read unsolicited email. I actually hardly read any of my email. Why do people read unsolicited email? I can't imagine it to be related to loneliness, because i am the most lonely, friendless person i know, and still i don't find joy through email. I dunno. Nobody ever deserves to be scammed, but i think people need to stop reading unsolicited emails. I equate it to unsolicited snail mail. i.e: when is unsolicited snail mail ever anything good? Never. Same applies to email.
So then no worries about centralising data in a digital world (I'm pointing this rhetorical remark at you, UK Government) thus making it the ultimate honeypot?
I don’t think any company in the U.K. would use “I hope this finds you in good spirits”. That sounds like scammer language and I immediately wouldn’t trust it.
Interesting you find the sentence "I hope the message finds you in good health and high spirits" is too informal for you. As a ESL speaker whose job involves speaking and writing in English, it sounds archaic.
There are some scammers giving out 80 90usdt in the hopes you will deposit back 100usdt back to them, theyve contacted me 4 times with different companies as a job front and i just take the money from the "training" then simply leave lmao
That was hardly subtle in my opinion. "Find you in high spirits"? I don't think any major bank or corporation would ever use that language. Real stuff is always so... sterile. Fake. Impersonal. That's always my number one flag for scam emails: It's all about the language. It's hard to describe, but it's always so obvious to me.
the solution (for most of those emails) is to go to the real site directly instead of the button. most companies will ask the user to go to the site *and* include a direct link, if it's just a link it's probably a scam. today most companies will also send you an sms and an email at the same time and the sms number will most likely already have a few messages (like confirmation for the first time). conclusion: every single time just do a few more clicks and go to the actual site.
...and of course some miguided programmers at some institutions can't seem to read the relevant email RFCs, and will not allow plus addresses, claiming they're improper. But for those who aren't so dain bramaged, yes, that works fairly well. On the Gamil end, one can set up filters to sort these into labels, or to delete emails that become annoying.
Mike, what happened to the video you published yesterday?
Oh yeah, now that you mention it, that Spanish(ish) omelette video seems to be gone. Maybe he had to take it down to edit a mistake out or something.
It was so delicious, RUclips ate it
@@akpsyche1299 I would think so
@@akpsyche1299yo, are you the guy at UTD I was talking to about this channel?
I didn't dream it 😂
Another problem:
Official emails by official entities (companies, banks etc.) are looking more and more like spam and scam.
More errors, wrong contact data, lots of colourful pictures...
Doesn't make it easier to distinguish between the two.
At my job, they send fake scam emails to employees and anyone who opens or clicks a link from them get sent to scam training. But so many emails that are legit look like scam emails, to the point people don't open important ones. It has caused serious issues for our internal communications.
Yes, this, and they also often have tracking image bugs, and tracking links to e.g. a customer questionnaire, or rate our service with stars or sad and smiley faces. Even major banks and other financial institutions do it, and that is _after_ warning customers on their own websites, and in letters _never_ follow links in emails.
A few months ago I ordered an SSD from the official Samsung UK store. Shortly after getting the confirmation email from Samsung themselves, I received one of the most suspicious emails I've ever gotten. Supposedly from DPD, but the sender was "Samsung Store", weird low resolution logos, odd font formatting - everything looked like it was cobbled together in MS Paint with minimal effort. Even Gmail itself had flagged it as dangerous. I freaked out a little bit, thinking that somehow my shipping and payment information got compromised, but after over an hour of checking everything over and over it turned out that this extremely shady looking email was in fact the real DPD.
That's because more and more employees don't speak much English.
@@danithoAt my job, we have a "Report Phish Attempt" button. If we report a real one by mistake, then the security team tells us that it was real, with no penalty to us
Thank you shrimp! Been watching since I was in high school and you’ve kept me vigilant and aware in this online world.
I don't know if that's the case in the UK too, but here in Germany the "e-purchase" webside now even forces you to send them a copy of your ID. When I asked how they would ensure the security of this data and what they would do with it, I received no answer... so i refused and they blocked my account, destroyed my busines and cept the rest of my money.
I live in South Africa and people use 'kindly' in the majority of work emails! I had no idea it was considered archaic in the UK.
Found a easy sure way to keep all your emails secure. Put the entire list in the bin, and never bother opening a single email, ever. If its important someone will either phone you, write to you or knock on your door.
what gives it away as a scam is the sentence 'i hope this message finds you in good health'. that greeting likely hasnt been used since before the civil war in the US.
Just ignore everything!
Thanks for the advice
If these scammers ever stop using the word “kindly” everywhere then I might actually be in trouble 😂
Watch out for when they stop using pigeon English in the email and actually type in real English that’s when you have to really worry and with the like of AI it won’t be long before these email look very professional
A man chooses
A slave obeys
Would you kindly click the link?
@@chriszfrancis Beat me to it. :D
I work in CS and use "kindly" lol
My mom received a large package from a US pet store yesterday. Before I called the customer service number on the box, I researched the number online to validate that it was indeed the correct number. Ended up talking to their fraud department to report it. I think it was scammers attempt to see if a card is valid, not sure why they would send it to the card holder's address though. Had to contact her bank and credit card numbers to make sure her accounts weren't compromised, turns out that one of them was. Had to cancel the number and issued a new card. Watching these video helped rectify the situation.
The only positive is that a local animal shelter will be getting 65 lb. of dog food that costs close to $100.
Remember Shrimp explaining that in one of the videos.
@@karthikkumar6861 The phone number listed was from a fraudulent front website, white background with only text, 1990's style. It is crazy what scammer are up to. Glad people like Atomic Shrimp are spreading awareness.
@@karthikkumar6861 I may be misremembering, but I think it's something about false reviews. That way they have a verified purchase.
I think it's called Drop Shipping? Scammers buy an item and send it to a random address so they can farm good "Verified Buyer" reviews that they make themselves. It's pretty devious! Always send it back if you get an item addressed to you that you nor someone you know sent to you!
It's common for organized crime and other large organizations to buy a list of 100-10,000 credit card numbers that are paired with names and addresses. These are usually obtained from a genuine business' database or like tax records or something. In order to check that the list is genuine, they "burn" 1%-10% of the list by using it in the way you've experienced, or by doing something else that is more obviously fraudulent and gets cancelled before the consumer would be notified.
I got some very believable scam mails. The funny thing about one of them is that with my phone not automatically displaying images in order to use less data, I got a description instead, telling me that the logo's source file was from Wikipedia. 😁
I often tell my family about especially clever scam mails in order to help them recognise scams, so anything I can learn is helpful to several people.
I had a second chat about this with my mum, when she (cleverly) messaged me on Whatsapp, on my current number "How much money do you need?".
She tried to laugh it off as "I knew it wasn't you.", so I really had to push home that she did the right thing by not trusting the "hi mum new phone need money" person's advice to only use the "new" number from now on, and actually checking with me.
I only use Whatsapp to communicate with family, because they refuse to move to something more secure. But soon enough voice synthesis will be good enough and available/low CPU enough that we're all boned anyhow, so sometimes it feels like bothering to be secure is hardly worth the effort. But we do trundle along...
Yes. PayPal is one that is very believable and almost got me.
My grandmother received a realistic-looking email from "PayPal". She called the number in the email but fortunately couldn't understand the scammers' accents. She had me check out the email and I immediately noticed a few spelling mistakes. I then went to PayPal's website and showed her how to find the real PayPal number. There are some scammers who are getting good at crafting emails, if they start hiring native English speakers without accents to work in their call centers it'll be game over for us.
@@artistknownaslisa2850 i get those random paypal docs. Sent to me and a bunch of other ppl. No context, just take this lol
The "Unnecessary embellished" part sticks out to me even as a moderately fluent ESL guy. It pops up often with AI-generated paragraphs as well, which makes me think scammers are getting pretty comfortable with GPT and related tools.
There's nothing wrong with hyperliteracy
@@wolfetteplays8894wrong, no - but abnormal, yes. That's why they call it hyperliteracy and not normal literacy. Big companies like Halifax will avoid overly complex language for inclusivity reasons anyway, so it's still a red flag that the email comes from not-Halifax if the language is very elaborate
I wanted to tell you that I actually mentioned your channel in a talk i gave to a group of senior citizens about email scams. Namely your video about shame for falling for a good scam and how that prevents people from getting help. I do IT for a living and went far enough along with a scammer claiming to be from my bank that i had to cancel a card immediately. They were aiming for more, but were convincing enough that they got that much before the alarms went off. Thank you for what you do!
Again, great advice, especially the parts about not panicking or being scared, just skeptical, and going to the website you know rather than clicking a link. I hadn't heard the Gmail + trick, so that's awesome, but I did say to have one email account you ONLY use for banking/credit cards and/or have one you use for "junk" when you have to give out an address but don't want to.
Any contact with banks or other institutions that are initiated by other than ME are suspect, and verified by independent means, never through the incoming contact.
@@thisbushnell2012 You are absolutely correct. The worst part is knowing better and still going that far.
You’ve scammed atomic shrimp of content……you owe him a fiver
@@FloatingCroc Fair! I did credit the channel by name!
As soon as I saw the line "I hope this message finds you in good health and high spirits". As soon as I saw that line I knew it was a scam without looking at anything else. No bank would ever send something like that.
Same here, banks couldn't give a toss about your health and high spirits! 🤣👍
For me, it's the fact that the sentence was in a banner. Like, i would expect the bank would use their official banner with their logo and their slogan.
Then, of course banks don't *actually* care about your feelings and health, but it's easy to pretend like they do ;) it's just words on paper/screen. So the next giveaway is more the use of "I" in that banner, unless it's signed from a personnal advisor, banks would normally always use "We".
@@bleuumscarlett7977 For me it was the words they used. No British English speaker would say that. To me it sounds like something an Indian would say.
@@minuteman4199 _"To me it sounds like something an Indian would say."_
well DUUUH!!! 😁😁😁
I lived in India many years ago, and it was quite normal for people to say "Pray, what is your sweet name?" , in English, when being introduced to me. Flowery language was a lot more common in the workplace, and I guess unless they have lived abroad, they wouldn't realise that it seemed strange to a native speaker.
I spotted the Halifax email as a scam within two seconds. No British bank will start off with "I hope this message finds you in good health and high spirits". That is a quintessential scam greeting.
Agreed, it's pretty obviously a scam to most people without question.
I'm in Scotland and bank with Virgin Money, formerly Clydesdale Bank. They are painfully flowery in their emails.
One extra bit of advice at the end: be prepared for one of these scams succeeding. It’ll happen eventually, no matter how smart and careful you are, and having a plan for when it does will help you avoid panicking, and keep the breach small.
Very good point
I touched on this a little bit in a previous video ( ruclips.net/video/Z2tDAqifAXw/видео.html ) which contains a breach response plan that was based on one that I used in my former IT career; maybe I'll do a followup video with a breach response plan adapted for the average user
@@AtomicShrimp I remember! I was thinking for people who don't watch every video, but rather just get linked to a single video :)
Very good idea. I think this would be very useful to a lot of people. :) @@AtomicShrimp
I consider every email as a scam and then work my way forward from that.
I’m pretty sure the email text was generated using some form of GPT, probably ChatGPT or Bing Chat.
That explains the flowery language and weird words.
We will see more of this, since this allows scammers to create convincing emails with zero effort.
It doesn't seem like it to me, it looks more like it's from someone whose first language isn't English
@@circuit10 why wouldn’t it be GPT generated? It’s super easy and effective, and you can easily tweak text with it
@@gegdim9307 Because this isn’t ChatGPT’s writing style, see for example the use of “kindly”
@@gegdim9307Because ChatGTP had only gained use and popularity recently, but this exact style of writing has been typical for scams for years before ChatGPT. Unless the scammer specifically told ChatGPT to write a scam email, it would not produce a text like that. You can easily try giving it some prompts yourself to check
@@gegdim9307 Why _would_ it be GPT-generated?
At least here in the U.S., a red flag would be the unusually old-fashioned and polite greeting, out of step with modern culture. I've never seen a legitimate corporate e-mail begin with "I hope this message finds you in good health and high spirits". That sounds like something from a 1700s letter written with a quill pen.
It's been useful, thank you. One thing I like to add is, what nearly got me: If you get an email that is possible a scam, but it relates to something that is actually happening to you right now, be extra vigilant. By coincedence, I was getting a scam email about some package that got lost and I need to reclaim it. Thing is, at that point I actually had a missing package from an Amazon order, so I let my guard down for a bit, because I had the issue the scam email mentioned. Luckily, the scam email was so badly written, I caught on fast before doing anything stupid.
Side note: I feel in germany scam mails are more obvious to spot from the grammar alone. Especially mails that are suppossed to sound official like from a Bank are really bad, since I feel the autotranslates really struggle with german formal grammar.
Everyone does. I'm learning German because I have to. It's an absolute nightmare to comprehend.
German is my native tongue (age 5-24 with a two year English break), but after English became my primary language I really struggle with German. I really admire a non-native German speaker being able to speak it fluently.
Scammers from India and Nigeria, especially from the latter, have very bad grammar. In addition to their bad grammar, they often ask or tell you stuff that are customary in their country, but not in Britain, or anywhere in the West. For instance, they ask you if you have already eaten. Furthermore, they often exude a sense of urgency, and get easily irritated and rude if you ask them many questions or do not do as they ask when they ask
Most dangerous scam mails are those pretending to come from DHL, UPS, Hermes or another service. Especially if you really bought something online a few days before and really expect a delivery.
Oh god I had one of those recently, asking me to pay a tiny sum to receive a package. I then asked my friend if she sent something because it was super convincing and I was a little panicky but nope, just a scam.
Had a bunch of these pretending to be from Amazon very recently.
I had an email amd text from DHL and I am not sure if its a scam, do their emails normally look scammy? Not clicking on the link just to be safe anyway
@@Farimira Assume it is a scam. If it is not, then they will try to call you or send you a letter if it is important.
Alternatively, write to their support about it if you want to be pro-active.
If you recently ordered something you should have a tracking number from the shipper that you can easily check.
Thank you Mike for raising awareness on this topic! At my company, we have recently announced a CEO change and just one day later, some people started to receive emails asking for important and confidential information in the name of the new CEO. Fortunately, the scam didn't succeed, but I was astonished by the reactiveness of these scammers.
Sheesh!
LinkedIn, company websites and social media can make it easier for fraudsters to create believable CEO, mandate and voucher frauds.
Probably an inside job.
It's crazy how fast spear phishing attacks get started
I get more fake courier texts strangely around a time i receive packages to the post office box (not PO box, but the one you open with a code).
So the scammers likely have people inside feeding them information.
You'd think the scammers would wise up to not starting their emails with direct translations of whatever greeting they have in their countries. Is it really so hard to figure out that "Greetings dear brother, I hope this finds you in good spirits and the souls of your beloved family" is not how banks talk to their customers?
Maybe the Bank of Jesus? 😂😂😂😂😂😂
I've been told that this is a way of confirming the target is gullible. If you don't notice poor grammar, bad spelling, or unusual phrasing, you are more likely to fall for the scam.
Even a bank just hoping their customer is in good spirits seems off. Not only because it’s an unusual way to address someone in a business correspondence, but also because in reality the extent a bank actually care about its customers is based only on how much money they have.
@@Sashazurit's almost a universal tell they have, can't help themselves. It's...I think it's like they operate under the assumption that fluent english is enough (sadly it often is) and so they don't think or perhaps understand how other cultures speak and address other members of similar culture.
Best I can think of to explain it is to imagine the situation in reverse. An American trying to scam a foreigner, but not aware of cultural differences in speaking. Overly informal in addressing someone in a situation that calls for strict formality, or vice versa. Using American idioms and expressions translated into the target language.
Imagine tech bro business jargon speak in an email about I dunno...shipping.
Or terminally online lulzor le epic speak in a situation about online banking.
It's operating under the assumption that everyone speaks like you do, so all you have to do is translate the language fluently and successfully.
It's also why their automated 30 response long threads of "wow I invested (×) currency with Mr(s). First name and First name as last name and made (×) more currency." "Wow vague supportive comments about investing with (two first names)" and twenty more "responses" from supposedly random different people either singing the praises of (two first names) or asking the "op" how to get in touch with (two first names). And why it all reads so wooden and stilted.
Because the scammers aren't capable of writing differently to distinguish themselves from themselves, so it not only is them replying to themselves it also reads like it too. If it was just one comment it would still sound forced and scammy spammy, but a chain twenty or thirty responses long just absolutely screams scam and spam. They're like bad liars who think that giving more info and detail = more credible lie, when usually it's the less said the more convincing it is, or at least it's potentially harder to pick apart.
@@Sashazur That doesn't mean that banks don't use warm greetings.
My number 1 tip is to never go to any links from an email unless its one you have requested yourself at that time such as when you ask to reset a password and they send you an email at that time. If you ever get an email you arent sure of, go to the legit website yourself rather than using a link from the email. I get these emails all the time saying my Netflix is closed or my Apple account is closed or my amazon will be closed, jokes on them, I dont use any of these lol.
👍👍👍
I used to get emails from the "Nigerian Prince". These days, from time to time I get a scam phone call from India. An acquaintance of mine was once scammed into paying a fee in order to receive some "lottery winnings"
Yep, always open the site itself, not from the email. Simple but sound advice
Do you not apply for jobs? I need to be ready to respond to any email regarding scheduling interviews.
@@petelee2477
If you're applying for jobs be prepared for scam job offers (in my experience, they eventually become "send a check" scams). Check domain names (they may look VERY realistic, so be careful with that...like the real domain name may be very close to their spoof), and even call the hr department of the real company if you're concerned.
As someone who used to work in the banking industry, received extensive anti-scam training, and was sporadically targeted with test/probe attacks by the bank’s information security team I can say that this is a great service you are providing for your viewers. Top notch!
working in a bank is a bit different to personal emails, you can ignore your banks emails, they won't do anything. a bank ignores emails and it could cost millions.
Same here, plus I’ve worked for a couple of Insurance companies that do this as well.
I would have been convinced. The time i nearly fell for it, my brother had just had a traffic accident, we were waiting for police report, hospital to ring etc, and a caller rang "we're ringing about the road traffic accident" "yes, the one in Blaenporth?" etc Finally realised it wasn't the police etc (they never did ring!). These 'random fishing attacks' will always be true for someone.
What made it click that it wasn't the police?
even though i'm hyper-aware and maintain excellent online practices, these videos always teach me something new. thanks for your hard work (:
definitely analyzing the lexicon of E-AASL was a big brain blast. I can't believe we have to ARG investigate our way into being not homeless every five seconds in this world
I hope this comment finds you in good spirits
Damn, it's almost like big companies are selling our data and that data ends up at scammers.
After it was revealed my government let russian spies access NATO servers for a decade i have no issues like this. I KNOW they likely sold all my private info themselves for russian cash anyway.
No kidding. One week after I made a facebook account (not by choice but by necessity) which requires a phone number I started receiving calls from unknown numbers... That is the first and only time I've ever received scam call attempts
The wording of the email got my scam senses twitching. It was far too personal, convivial and not business like at all.
Yes, the opening greeting was an instant red flag. The wording was indeed ‘flowery’, and archaic.
If I received such an email, I'd immediately say _goodbye to us._
Yeah, it definitely was, but just not broken in the way I have more commonly encountered where it says something like "your account have has been using for illegals buys"
10:53 Polish e-mail provider I use (o2) allows you to create completely custom addresses on its "vanity" domains (most are quite cringeworthy). They also have much bigger space for your e-mails than gmail.
I'm happy with my Proton service, though I do pay for their entire email, VPN, and other extras package. Users can create complete nonsense email addresses, both before and after the "@", that does not even appear to be from Proton.
@@Styphonit will appear, if you look. Also how does the behind the @work? You enter there server in the dns record for mail?
I started a new job recently, and they were very serious about in training telling us how to avoid phishing emails. They even said that they send out "fake" phishing emails of their own, and use it to track employees who click on it so they can do better training.
Clever.
One of my employers did that one time, too. I told the story in a reply above.
My job does those tests regularly.
They once published the results, they were not great. Phishing is scarily effective
That “I hope this message finds you in good health and high spirits” gives me so much sus vibes lol
Thankfully in my country (Denmark) we have an 'official' email that's regulated by the government (called e-boks) where any official documentation from banks, government entities etc. will be sent to. So you can just ignore every single email you get because they will never reach out for you in this way.
Also to log into official places like banks and even the beforementioned e-boks, you need your username and password as well as a 3rd party authenticator app on your phone.
Of course people can still and do still get scammed but it really narrows down the things you need to be wary of
That's cool!
"Don't be scared, be prepared."
From scam videos to cooking pizzas, somehown you make everything you do quite interesting and fun to watch.
Cheers from South America :)
I used to work for First Direct, which for those not in the know is a British call-center only part of HSBC. We were always clear during outbound calls that we'd prefer a customer say they're not comfortable and call us back than for them to keep talking with someone they're unsure about - we'd straight up say so. The same goes for email communications. Nothing sent in an email is so urgent that it can't wait a moment for you to log-in your account the slower, safer way.
A new trick is to add a green box saying for example 'Yahoo has verified this as a trusted sender' at the top of the email
I work in IT at a university and we see lots of reasonably good scam emails, but the sending email address is typically the dead giveaway. Not that people don’t get fooled. It’s like “No, Karen, HR didn’t send you an email from a hotmail address. How’s that PhD working out for you?”
One of my employers ran a phishing exercise once, with a benign hacker hired to run a security text. We were given a list of red flags to look for, then sent an email with some of those present, and a link at the end. I spotted one straight away (a typo in someone's surname, which was explicitly mentioned in the email) and did not click it. Half of my department DID - which I learned about because they were asking each other what to put into the login boxes on the next step out loud. They all had to retake the exercise.
I lost a little faith in the educated portion of humanity that day.
I've recently had a lot of fairly good fake eBay emails, saying I have a new message. I've got a lot of stuff for sale, so it's believable. The main giveaway is that I know what genuine emails look like, and I know that they include the message in the email, which the fake ones don't.
Had a similar thing ages ago with fake Amazon emails. The major giveaway, along with all the minor ones, was that I knew what genuine ones looked like.
For me it's that I will always go to the website myself
Well yes, that too, I go to the website. But I do that BECAUSE I was suspicious. That itself was not what made me suspicious.@@Soapy-chan
Be careful ... eventually they'll be smart enough to actually get a real Ebay account, and manage to invoke one of those emails to themselves. Then they'll just copy the text of a Real Ebay Email into their scam email.
Bottom line, don't trust it, even if by all accounts it *seems* legit.
Personally to prevent these type of scam I have one phone and one email I never use and only give to banks. Not even family member know that number and emai.
it may be eBay's data breach, but it may also be eBay sellers harvesting data on their customers and selling them (I similarly had an email that i used primarily for eBay that reveives lots of spam, but notably associated with a domain that did not exist in 2014)
I tell my customers to be aware of the three scam "keywords" - kindly, verify, and confirm. Every scam email I've ever seen contains at least one of these words.
And urgent. Or important.
I drive my niece to school everyday and she and I have been listening to scam baiting videos this week. She gets a kick out of it too. Thanks!
I've been getting occasional phishing emails that have disturbingly good facsimiles of the email layout of our government's email standards.
Only because I actually worked on systems pumping out the real emails, and know the internal html layout and graphics dimensions and naming of the real ones was I able to see the difference clearly, though I was warned by the ever so slightly odd wording and one of the images being a bit off in its scaling. Not enough to trigger anyone but people who actually have inside knowledge of the government email standards.
I've once received an e-mail that looked like it came from myself, saying they invaded my account and were demanding money. At first it was a chilling experience, since it really was my email. The thing is, after researching a bit i found out that they can fake the sender, so i ignored it and none of their threats were true
I'm getting a feeling that youtube is a scam. I click on the video, an ad plays up to 1 sec. before it can be skipped and locks up the content. Restarting it just puts it in a loop. Awful. OK?
I live in Belgium and I've noticed that all the phishing emails I receive are in Dutch. It's an instant red flag to me (i don't speak it, all my administrative and official correspondence is set up to French).
Well that is quite Belgium specific.
It is rare for country to have two languages of same officiality and inhabitants have practically exclusive knowledge of only one.
@Richdragon4 I'm not Belgian, I just live here 🤷♀️ pretty sure most Belgians have varying degrees of actual bilingualism.
My bank would just as soon step on my face as look at me, all that slobbery greeting is a dead giveaway
My bank never sends me kindly or wishing me good spiritual health messages, neither do my utility companies or government. Scammers would be better off saying: "hello wage-slave, give me dosh coz I want it". Bloody annoyed for people with Alzheimers/Learning difficulties/pressed for time and stressed ones. Anyway my bank makes me jump through hoops... thinking of turning dosh to gold and keeping it under the mattress! Gertcha!
I always use the word kindly when I email customers. Maybe this is the reason I don’t get a reply 😂
Maybe, it probably wouldn't hurt to try not using kindly for some time.
Scammers ruin lives to everyone.
As a former Halifax fraud prevention employee, I can confirm that they'd never send an email with those flowery wordings...
Generally speaking I only click on email links that I'm expecting to receive, such as Paypal invoices, with the confirmation from the other person that it was them who sent it. It's inevitable in this day and age that your information is out there being abused by somebody, the best you can do is apply reasonable doubt and try to confirm with the expected sender where possible.
Great video, thanks. BTW, what happened to the Spanish Omelette video from yesterday? It's vanished.
I've pinned a comment here about it
My mum who's elderly when she gets these bank scams always claims to be from her bank, always phones her bank directly and they tell her it's a scam.
Oh no, I'm up way too late. 😢 (3:00am)
Dude, it's 9:15
Incorrect, it's 3:16am
Sorry to hear! I hope you get to rest well. ❤
@@UltimatePerfection maybe on your side of the planet 🥱
As a professional translator, i work a lot for a bank. I see a lot of internal documents and customer facing communications. At least for that bank, there is a shift towards friendlier sounding messages to their customers, so "valued customer" does not look too weird for me. (There's a lot of empty, feel good wording too, depending on the type of communications, i've noticed.)
So considering that, there's really only comparing to recent communications from that same bank (if you receive them) to know if this flowery language is normal or not.
The reason that "valued customer" stands out like a sore thumb to me is that the phrase implies they also have customers who they do not value.
"Valued customer" always shouts "scam email" to me.
scammers have chatgpt now
this is like a constant pen test, they just keep evolving until one slips in, maybe you open your email when you were kinda sleepy that day and rip your info
stay alert!
Two things, firstly would you consider making a video on scams that you get via text? As I have noticed that I am getting a lot more scam texts. Secondly and most importantly can we please soon witness the return of John Warosa and Herry Mike Ridering?
I've been getting a few on my personal phone (WhatsApp messages mainly) referencing job opportunities, which I just roll my eyes at and block. However I did end up having a small text exchange on my work phone earlier this evening, the first message said something along the lines of they didn't have my number stored in their contacts and did we know each other. I said I didn't have theirs either, who were they? (Keeping it professional in case it genuinely was a client whose number I hadn't saved) The reply said they were 'Diana' and they weren't sure they knew me either, what was my name? I asked for their full name and where they worked so I could work out if they were one of my company's clients. No response and I searched the number which did show up as a potential text scam, so I blocked it. Fairly well written, and no obvious sign as to what the potential scam could be. One I'll be passing to my colleagues tomorrow to be aware of.
I had no idea that "kindly" is considered archaic in the UK. It's alive and well in the U.S., particularly the south. You learn something every day.
Hackers are getting so bad that at university they are teaching us to just hash all data or near all data that goes into a database. Sometimes even with multiple hashing algorithms
🧂
When I was a pre teen I made a handful of emails so I could make multiple accounts on websites like quotev. Ended up being amazing because I have different emails with different fake names so I only use my important email for like government websites and banks. Even when I order food ahead of time the baristas call out one of the random names because I don’t like food emails clogging up my inbox.
And broadly, at this point, nothing in any email from a bank or ebay or amazon or DHL ever needs to be taken care of within the email. If its asking for something, take your own self to the site and engage there, no clicking links. All relevant secure messaging can be accessed within these sites themselves. All my bank emails go to an address I barely look at because it doesn't matter anyway. If its real I'll see it next time I log in, if its important I'll get an actual letter.
I wonder if the improvement but oddity of phrasing in the scam messaging might also be a result of generative AI. Based on my exploration of how AI writes, this format and word choice is quite similar.
i'll watch this soon, after my lgr vid, but wondering if we'll get to see the spanishish vid again soon? i wasn't quick enough to watch earlier
The wording would be an immediate red flag for me. Yes, the word “kindly” but also the banner. It doesn’t have a formal tone. Whilst not informal, it doesn’t sound like a corporate entity. Even if they’d said “we hope…”, what on earth is “good health and high spirits” - nobody speaks like that! And then they repeat the spirits thing in the first line: “…good spirits”. And then “if adjustments are to be made” - that sounds like a copypaste from an official document. The correct phrasing would be “if this is incorrect”. Then it says it’s required immediately. After saying “inform us at your earliest convenience” - sounds like two different messages.
Other things “vital *for* us” - should be to us. And “clear” communication isn’t the right term either.
Overall, it’s a better attempt than normal, but the “different” English and poor phrasing do give it away somewhat. It might get passed the casual observer. I just program myself to automatically assume every message is a scam until proven otherwise.
Thank you for your work, Shrimp. Love your channel. Keep it up!
I just literally never check my email which is a good and smart way to live. Just like I don't answer any phone call or even get my mail out of my mailbox. My ADHD being completely overwhelmed by modern life FTW 😅😢
Might be worth making a future scam video about defunct or old linked-email accounts and the associated risks. Many people still have their social media and other online accounts linked to old sometimes forgotten about email addresses (ISP based ones and older webmail accounts) from when these accounts were originally set-up, even though they have since moved on to other email providers. These older email accounts rarely support or have 2FA, use short weak passwords and regularly feature in data breaches. They are commonly used by criminals to request password resets for all linked accounts.
Again, an interesting video, informative.
Recently here, a friend of mine received an actual paper-mail phising scam attempt, surprising in that this sort of thing costs the scammer money...it even included a postage-paid return envelope...pretending to be from both a bank and the government tax agency.
Have you encountered any of these sort of scams..?
When I get phishing e-mails, I usually open the phishing form, then enter BS, but plausible-looking data. The idea is to pollute the database so much with fake credentials that the scammers give up on trying to get into real accounts before they come across actual credentials of some unsuspecting victim.
It's a good idea in principle, but there's the possibility of clicking on a link that instead of phishing, is something like a zero day malware attack
@@AtomicShrimpThat's why I always do that in a VM.
@@UltimatePerfectionyou must have a lot of time! I'd wager that it's taking you more time to do, than it's taking the scammers to work around. Not worth it imho bro, save yourself the time.
Good idea!
I bet we could automate that... 🤔
@@saschamayer4050 Just make sure the data looks plausible. The people behind it will probably scroll past Mr Dampy Wonkypants without even trying.
Have a suspicion, check the email header. If it is someone's name and a bunch of letters, figures, and numbers, watch out.
3:20 If the resource is served from the scam domain, would the scammer not be able to see the HTTP GET request you make for that resource? Or is that more from the angle of, since the image URL is sufficiently generic, they wouldn't be able to differentiate a click from you from anyone else who might've viewed that email?
Yes, but there was no unique naming to the image. What some spammers do is to embed an image named say logo2453765.png, using a unique numeric part for each target, then they don't just know *someone* clicked, they can correlate it to the email address they sent that one to
11:08 so is PLEASENT GREEN another RUclipsr that fucks with scammers and even helps them to break the cycle of being a scammer
To quote a classic scammer, "Don't be scared, you're in the right place, ok"
Commenting to bump the video. This is simple yet great advice more people could use
I unfortunately also was affected by a data breach and am still suffering from the effects with spam mail and spam callers.
My little sister got scammed last week on Facebook trying to buy football tickets. She showed me the message it was CLEARLY an African on a hacked fb account. Got her for $200. The language was soooo bad. It was laughable that she fell for it.
As always, great advice. I have been in IT for 30 years, and I haven't seen everything. Even I occasionally fall victim to clicking on bad links. These videos are a great help to everyone online. Thank you.
Is kindly archaic? Less popular now than it used to be?
"Thank you kindly" just rolls together so easily and charmingly though!
It's a fun phrase to say, here in the southern USA.
another banger of a video my guy
My secret is i don't read unsolicited email. I actually hardly read any of my email.
Why do people read unsolicited email? I can't imagine it to be related to loneliness, because i am the most lonely, friendless person i know, and still i don't find joy through email.
I dunno. Nobody ever deserves to be scammed, but i think people need to stop reading unsolicited emails. I equate it to unsolicited snail mail. i.e: when is unsolicited snail mail ever anything good? Never. Same applies to email.
I must now revive the usage of the word kindly.
could you kindly refrain from doing that, perchance
I prithee, foreswear such folly upon the instant.
So then no worries about centralising data in a digital world (I'm pointing this rhetorical remark at you, UK Government) thus making it the ultimate honeypot?
A jolly good video in the morn’. Kwoite a blummin’ brilliant session of scambaiting it was, may the King’s blessing be on you.
bloomin'?
I don’t think any company in the U.K. would use “I hope this finds you in good spirits”. That sounds like scammer language and I immediately wouldn’t trust it.
10:38 it used to work. but with time, more and more websites block this option and don't accept plus sign as a part of a valid email address
See you all at the shack in the mountains! And...wait - is Shrimp's first name not actually Atomic? (Thanks for the very helpful vid.)
Interesting you find the sentence "I hope the message finds you in good health and high spirits" is too informal for you. As a ESL speaker whose job involves speaking and writing in English, it sounds archaic.
There are some scammers giving out 80 90usdt in the hopes you will deposit back 100usdt back to them, theyve contacted me 4 times with different companies as a job front and i just take the money from the "training" then simply leave lmao
As a Halifax customer I would have deleted this instantly. NO bank in the UK is going to ask how I am. 😂
Things scammers say that give them away: Kindly, good health, high spirits, valued customer. Help expand this please
From what I've learned, any email with a link is suspicious. If you have to go somewhere, you type it out yourself in the browser.
That was hardly subtle in my opinion. "Find you in high spirits"? I don't think any major bank or corporation would ever use that language.
Real stuff is always so... sterile. Fake. Impersonal. That's always my number one flag for scam emails: It's all about the language. It's hard to describe, but it's always so obvious to me.
the solution (for most of those emails) is to go to the real site directly instead of the button.
most companies will ask the user to go to the site *and* include a direct link, if it's just a link it's probably a scam.
today most companies will also send you an sms and an email at the same time and the sms number will most likely already have a few messages (like confirmation for the first time).
conclusion:
every single time just do a few more clicks and go to the actual site.
Can't you just call the business/ go to the business nearest you that wants your information to confirm from them that it's legit?
Why can't companies just ask you to make the phishing e-learning? I might actually watch it then ..
...and of course some miguided programmers at some institutions can't seem to read the relevant email RFCs, and will not allow plus addresses, claiming they're improper. But for those who aren't so dain bramaged, yes, that works fairly well. On the Gamil end, one can set up filters to sort these into labels, or to delete emails that become annoying.
Here's what I do, I just don't trust ANY email, at this point IDK why and legit firms send their customers emails with links in them at all.
A bank would also never say "i" as well as "good health and spirits' 😂