How to recognize an email scam or phishing attempt

• The sender's name reads Facebook
• The sender's email address is not @facebook.com
• the reply-to address is at a different domain than the sender (seinan-gu.ac.jp vs. mail.bg)

Now, let's check out the message body. Notice anything odd?

• Does Facebook really run a lottery? We've never heard of one.
• Would Facebook really give away 50 prizes of 1 million British pounds? That's about $77.5 million, and way more money than a non-gambling site on the Internet would ever give away.
• Most lotteries are regional. I'm from Canada, so would I really be eligible for a lottery based in the U.K.?
• Did I even enter a lottery?

Since this is supposed to be an official notice from a well-known company, you'd probably expect it to be well-written -- like any piece of business correspondence. Is that the case? No.

• "might result to funds been returned unclaimed" is nowhere near proper English
• "incharge" is not a word

So it looks like this message is already on shaky ground -- but why don't we do a quick search and see what we can find out about Bridget? As it turns out, "Facebook" has been notifying winners since at least October 2010. Bridget also has scores of email addresses, none of which are at facebook.com. If this was a real person and she did actually work at Facebook, she'd certainly have a email address like bridget.smith@facebook.com.

Scammers tend to re-use an email's message text over and over again, so copying all the text and pasting it into a Google search is a good way to find out whether or not you're being scammed. The message I received is all over the Web -- and frequently posted to sites which expose email scams.

Knowledge is your best defense against email scams and phishing attempts. By putting a critical eye to messages like this one, you'll have no trouble keeping yourself from getting caught in the phishing net!

Tags: email, how-to, mail, phish, phishing, privacy, safety, scam, scammers, security