Occasionally you might receive an e-mail that seems like it has come from Lupus Europe but has not been sent by us. This might be a fake message that has been sent by scammers, criminals who want to steal your data and your money. This kind of scam is called “phishing” or “spear phishing” and it is, unfortunately, very common worldwide. Recently, a number of not-for-profit organisations and their members have been victims of such attempts. Fake messages are increasingly sophisticated, looking like real ones, so you have to be careful and learn to spot scams!
We have put together some tips you can use to recognise phishing and spear phishing:
- Double check the sender’s e-mail address
Any communication from Lupus Europe, or from any other legitimate organisation, should come from that organisation’s e-mail system, not from an unknown email address. For example, an e-mail from one of us at Lupus Europe should come from firstname.lastname@example.org (where sender is the name or position of the person sending the e-mail), not from email@example.com or firstname.lastname@example.org
Also check that the name or position of the person the e-mail is meant to have come from is spelled correctly.
Watch out, what matters is the email address, not the name that appears as the sender. Faking e-mail addresses is very easy, spotting these differences can help you spot scams!
- Check the e-mail’s content
Does the e-mail’s content seem valid? Are there typos or spelling errors in the e-mail? Do the grammar and tone of the e-mail seem appropriate for the organisation it is supposed to be coming from? Beware of content that seems odd, unusual or inappropriate.
Always double check with someone else from the organisation or using another method of communication if something feels off. Do not try to check by responding to the sender!
- Is the sender asking you for money, your bank account number or any other personal financial information?
Be careful of any e-mails asking for this information, even if the sender is saying they need your bank details so they can send you money. Never give your bank account number, personal financial information and do not send money unless you are absolutely sure who you are sending it to.
Use another method of communication to verify the e-mail asking for such personal information actually came from the organisation or person it appears to have come from. E-mail someone else in the organisation or contact the sender using another communication method to double check the e-mail is genuine before giving out any information. Always beware of any e-mails that ask for such information or money.
Please remember Lupus Europe will never ask you for financial support beyond your membership fees.
- Is there a sense of urgency in the e-mail?
Scammers know that people who have time to think something through, can often pick up on things that are a bit off about an e-mail or communication. This is why scammers commonly ask that people act now, urgently, without any delay. This type of scam is usually linked to requests for help, money, financial information, bank account numbers, passwords et cetera. Also beware of e-mails that tell you you need to follow a link urgently, within 24 or 48 hours or else you will lose access to one of your accounts.
Phishing scams that create a sense of urgency are really dangerous, because people can respond quickly without thinking things through. Beware of any e-mails that create a sense of urgency, especially when they are linked to requests for financial help, personal financial information, your passwords et cetera.
Take some time to think things through.
Does the request make sense? Always double check requests that appear strange or off with someone else in the organisation or through another means of communication before you respond!
Do not fall for scams!
I received a suspect message from an organisation. What do I do?
Do not share any bank details, personal financial information, passwords and never send money!
Do not download anything from a message you think is fake. Do not click any links contained in the message. Get in touch with the organisation through another e-mail address you know for a fact is genuine and have used before or get in touch with the organisation using another method of communication; do let the organisation know you received what you think is a phishing e-mail.
I received a phishing e-mail and downloaded something from the e-mail or sent money to the scammers. What do I do now?
You should always have antivirus software installed on all your devices. If you downloaded anything from a phishing e-mail, scan your devices for malware using your antivirus software. If you replied to the e-mail and sent scammers your bank details or any money, do get in touch with your bank and the police immediately.
It’s very easy to fall for a scam like this, learning what to look out for helps stop the scammers.
Here is a video on Phishing and Spear Phishing from the European Union Agency for Cybersecurity (ENISA):
To find out more about phishing, you can go to: