Thursday, July 25, 2024

But I didn't purchase Bitcoin!

Question from a reader: I just received an email that says, "Thank you for your purchase", but I didn't make the purchase listed in the email. What should I do?

If you don't recognize the purchase, you should always ignore any links or attachments in the email and just go to the website for whichever account the email claims was used to make the purchase. For example, if the email says it's from PayPal or that your PayPal account was used, go to paypal.com. Or, if you have an app already installed on your phone for PayPal, launch that app. Log in normally and see if there are any messages there for you or if there are any actual pending or posted transactions that match the email. If you are still unsure, use the messaging tools within the actual website or app to chat or send a message to confirm the company in the email actually sent the email.

In many cases, these types of emails are scam emails and the scammer is using a "phishing" technique to try to scam you. If this happens to you, use the options in your mail client to report the email as a phishing email, or if you can't find a specific report phishing option, report the email as spam. Do not open any attachments or click any links. Once reported, you can safely delete the email.

Here are some indications that will tell you if the email is fake:
  • The email address is from an individual with a yahoo, outlook, gmail, or other generic account, rather than from an official for the actual company (paypal.com, citi.com, etc.)
  • The name for the email and the email address do not match up: For example, the spelled out name is Jane Doe, but the email address is richard123@gmail.com.
  • The email body has no reference to your actual name or any greeting, but instead only uses your email address to address you. Or, it uses terms like "Dear customer" or "Dear client".
  • There is an attachment to the email that details additional information - never trust an email attachment unless you know the sender and are expecting them to send you an attachment or you can confirm with the actual person that they sent you an attachment.
  • Also, major companies will not email you an unsolicited attachment. Instead, they'll direct you to their official website or app where you can log in to your account to get the details.
  • The email asks you to call a number, especially if it's not a toll-free number. If you google the number and your search results don't indicate that is an official phone number used by the company, that you usually tell you that the number belongs to a scammer, rather than the actual company.
  • In many cases, the email is mostly harmless, as the scam officially begins when you call the number.
Kara and I have a work friend, Jim Stickley, who owns his own security company and who puts out videos talking about scams and scammers. Here's a good video to watch, but anything on his channel can be helpful:

https://www.youtube.com/watch?v=3pPwPJnc2_M



Channel: https://www.youtube.com/@JimStickley