Ever since the early days of the internet, scammers have been working to steal our money, and sometimes our identity. And while we as internet users have gotten more aware and are more capable of identifying scams, the bad guys have gotten better too, which means danger is still out there, lurking behind every digital corner.
However, the best defense against cybercrime is not to avoid using the internet. Doing that would be denying ourselves all the best things the internet has to offer, such as educational resources, social media, and, of course, pictures of cute dogs. Instead, the best thing you can do is to inform yourself about how hackers work and about the most common types of scams out there.
Email scams, also known as phishing, are some of the most prevalent threats, so it's important to understand what they are as well as what they look like so that you can steer clear and stay safe while surfing the web. Read on to find everything you need to know.
Understand the Risk of Email Phishing
To help you understand the risk that email phishing poses, consider the following:
What is Phishing?
According to phishing.com, phishing is a type of cybercrime in which hackers contact you while posing as a legitimate institution or organization in an attempt to get you to provide sensitive or private information. Once they have this information, they most often use it to commit financial or identity theft, the consequences of which can be extremely severe.
This type of phishing can occur over the telephone, via SMS text message, or, as is most often the case, through email.
Other phishing attempts will ask you to download a file or click a link, and doing so will infect your computer with malicious software that can cause your personal information to end up in the wrong hands.
Integral to almost all phishing attempts is website or email spoofing. This is the practice of creating a website or email template that nearly perfectly mimics a legitimate website. These designs are very professionally done and can be almost impossible to distinguish from the real thing.
Often times, the website design will be very similar, but the URL will be slightly off, as is the case in this example of a spoofed version of Amazon:
When it comes to email, spoofed emails make it incredibly difficult to know if the email is real or not, which is why you need to know what the most common scams are and how to spot them. Here are a few examples of spoofed emails, one from "Netflix" and the other from "Bank of America."
Even to a trained eye, these appear to be 100 percent real, even though there are always slight differences that will tip you off to the scam. But not recognizing these differences means falling for these spoofed emails and succumbing to the consequences that can result.
9 Most Common Email/Phishing Scams
There are countless examples of email phishing out there, so many that we could never identify all of them for you. However, we can point out some of the most common, as well as some of their characteristics, so that you can get better at spotting them and knowing when not to click.
Here are the nine most common:
Who is more trustworthy then the federal government? Well... maybe that's not the best question. But regardless of your politics, we still tend to think of the government as a safe space, one that can't be hacked. Yet this is simply wrong. Emails go out all the time designed to look as though they are from a government agency, most often the FBI or Medicare, and they are designed to trick you into giving away your personal information.
These phishing emails are exceptionally dangerous because they often ask for your most important information, such as your social security number, and because the email appears to come from the government, we are more likely to give this information away.
Common scams include telling you that you have been put under investigation for "downloading illegal files," or that you need to update a government account with your correct information. However, when the government needs you to do something important, they typically send you a letter in the mail. If you've signed up for paperless communications, then check to make sure the suspicious email is coming from the same sender as previous messages. You can also contact the agency directly to verify if the email you've received is real.
Fake Tax Emails
Along similar lines, hackers will prey upon people's fear of making a mistake on their taxes to get your personal information and rob you. These emails are much more common around tax time (early Spring), and they usually say one of two things: you're being audited and you need to submit information; or, you've been pre-approved for an early refund.
The early refund ploy is a classic example of something being too good to be true, so be skeptical if you receive a message of this nature. And if you're being audited, the IRS will communicate with you in some other way besides a quick email.
Plus, getting audited is a really big deal, so if you do get a message saying this is about to happen, the first thing you should do is get in touch with the IRS. If it's real, they will most definitely know about it, and if it's fake, this will save you the trouble that comes with falling for a phishing attack.
This particular scam is troubling because it plays on our natural desire to help other people. These emails will come from someone claiming to be in a desperate situation who needs your help. Sometimes they come from strangers, but other times are sent by people you know whose account has been hacked. Yet no matter what, they will ask you for one thing: money.
Sometimes they will directly request you wire them some money, but in other cases they will ask you to book them a hotel room or buy them a plane ticket. They will typically tell you some sort of sob story about how they had been robbed, or how they lost their wallet, and now have no money to return home to safety. They may ask you to send them your credit card information, or they may send you a link to click on. Either way, don't do it.
If the email comes from someone you know, there's a simple solution: contact that person to find out if they really are in danger. When the email comes from a stranger, it's phishing. Ignore it. It's as simple as that.
Update Your Account
Another common phishing scam comes in the form of a spoofed email, from a trusted organization, saying there is a problem with your account that you need to fix immediately. To make this "easier" for you, the email will usually come with a convenient link to a spoofed website where you will provide login information for that site. But, since everything is fake, all this will do is give your private information to the hackers, which they will use to steal whatever they can from you.
To prevent this, remember that if there truly is a problem with your account, whichever company you are working with will probably not try to reach you by email. If they do, they will usually refer to you by name, and there will typically be several layers of security that you must pass through before you can actually make changes.
For example, you may need to enter a code sent to your email or cell phone, oryou will need to answer some security questions. They will never just send you a link that brings you immediately to your account.
Should you get an email like this and you really can't tell if it's real or not, the best thing you can do is reach out to the company or institution that contacted you to see if there is a problem, and if there isn't, this is a great chance for you to alert them that they have been attacked and need to address the security of their site.
You're a Winner!
We all have dreams of winning the lottery, and while it's quite unlikely this will happen, it's impossible if you don't first enter the lottery. This is where we get the whole "you've got to play to win" idea.
However, email scammers will play on our desire to win things and send you fake emails claiming you've won a special prize. These prizes can range from free vacations, to iPhones, to large amounts of cash. But to claim this prize, you will need to provide the person who sent you the email with some personal information, and this should be a giant red flag.
These scams are tempting - we all love the idea of free stuff - but before you turn over your private information to a stranger, ask yourself: did I enter this lottery or contest? If the answer is no, then this email is most certainly a scam. If you're not sure, then spend some time looking through your emails to see if you have any records of entering. Another option is to try and find out who is making this offer so that you can contact them directly. Not being able to find this contact information is another red flag, and it's always better to be safe than sorry.
Often referred to "sextortion," this scam usually comes in the form of an email from an anonymous sender saying that they have figured something out about you that could be compromising. For example, they may say that they have caught you watching pornography, or they may claim to have photos of you that you wouldn't want to be released to the public.
Often times these hackers get your information from accounts that have been deactivated or deleted, and this can cause them to know some things about you that will make anyone uneasy. But all this does is make the scam seem more real, even though it's not. Sometimes they will send the information using a spoofed email that looks like it comes from somewhere official, but this is only meant to make their false claim more believable.
However, no matter what the sender claims to have, he or she will almost always ask for some sort of a "confidentiality fee," which they will almost always ask you to pay in Bitcoin or some other cryptocurrency that can't be traced.
For those of us who don't engage in this potentially risky behavior, avoiding this scam is easy because it's impossible for the sender to have something that doesn't exist. However, if you're worried there might be some stuff out there about you that you don't want to get out, it's still not worth it to pay. You'll never get that money back and there's a good chance there was never any real danger in the first place.
The cloud has made life considerably easier for most of us, and scammers know this, so they will often use file sharing services as a way of gaining access to your personal information. Typically, to execute this scam, hackers will send you a spoofed email that appears to come from Google Drive, Dropbox (one of the most commonly spoofed websites), Office 365, etc., informing you that someone has shared a document with you.
These emails will usually appear to come from someone you know, which means they will look completely real at first glance. If you click on the link, you will be brought to a login page - again, not suspicious - but filling out your information will provide the hackers with access to your accounts, which they will then use to access other accounts and steal your identity.
The best thing to do to prevent this is to double check the sender's address to make sure you recognize it. If it looks wrong, it probably is. Should the email come from someone you know and it seems suspicious, double check with that person before opening the document. Remember, when in doubt, don't click.
Ordering things online has become a part of life, so much so that we often forget we've ordered stuff until it arrives on our front door. Or, people send us stuff without us knowing us about it. Either way, this represents a nice opportunity for hackers to try and steal your information.
In most cases, the email will be a spoof that has been made to look like it comes from UPS, FedEx, DHL, the USPS, or some other delivery service. It will tell you that there is a problem with a package on the way and that you need to provide some more information to complete the delivery.
Conveniently, there will be a link for you to click on that will ask you to provide login information, but because the site is false, all you will be doing is providing your personal information to a hacker. In some cases, clicking on the link will trigger an automatic malware download, which can wreak havoc on your computer and ruin your life.
Preventing these scams requires you to know how to spot spoofed emails and websites. If you're unsure if the email is real or not, look back into your email history to find an email you previously received from this company and compare it to the one that looks fake. If there not the same, then there's a problem, and you should contact the company directly to find out what is going on. Spoofed websites will often include misspelled names or weird punctuation, so keep an eye out for this in the event you do click on the link provided in the email.
Check This Out
Email forwarding is nowhere near as popular as it used to be, but it's still hard for us to resist an email that says something like "check this out!" And it's even harder to ignore these when they come from someone we know, which is why this scam works so well.
In this version of phishing, hackers send you an email that looks like it comes from someone you know. The name will be exactly the same, but the email address will be slightly different, which is how you know it is a scam. In the body of the email, there will usually be a link to a photo or website that you're supposed to check out, but clicking on it will start a download on your computer that could cause you some serious problems.
If you get an email from someone sharing you something, make sure to double and triple check the address. Look back for past emails from that person, and if you can't find one, ask yourself why this friend has chosen now to send you an email. To be safe, send them a message on another platform to find out if it was really them that sent that email, and if it wasn't, this will alert them that someone hacked their email and that they need to address the security of their account.
How to Stay Safe From Email/Phishing Scams
The best way to stay safe from phishing scams is to know what they look like. The nine we've outlined above are the most common, but there are always new ones being circulated. As a result, to stay safe from phishing scams, keep the following tips in mind:
- When in doubt, don't click.
- Always assume that something that seems too good to be true is too good to be true.
- Double check sender's addresses and URLs. Spoofed emails and websites are usually only slightly different and require you to pay close attention.
- Seek out alternative information, either from the company that is supposedly contacting you or on Google to see if other people are receiving similar emails, and if they are legitimate.
- Contact friends and family when you receive a suspicious email from them to see if it's real or not.
- Look for spelling errors in the messages you receive. Real companies spend time to make sure the emails they send are correct, hackers don't.
- Check to see if the company addresses you by name. This doesn't necessarily mean the email is legit, but it's a good sign.
To give yourself the best chance at staying safe while using email, it's important to know how to recognize fake emails from real ones. Not sure if you're up to the task? Take Google's phishing quiz to see how good you are and to learn some of the best ways to prevent falling for phishing attempts.
What to Do if You Click
If you do happen to click on something and realize you've fallen for a phishing attack, here's what you should do:
- Contact your bank to let them know what happened. Depending on the nature of the attack, it may be wise to cancel your cards and reissue them.
- Contact the authorities so that they are aware of this type of attack, and also so that you can prove it happened in the event your identity is stolen.
- If the phishing attack came in the form of a spoofed email or website, contact the company or institution in question to alert them that someone is out there using their graphics and email lists to steal from people.
- Contact credit reporting agencies to let them know of potential fraud.
- Monitor bank and credit card accounts to make sure there is no suspicious activity.
- Consider doing a scan on your computer for malicious software, or reset your computer to a point before the attack. If you're not comfortable doing this on you own, take your device to a professional to have it inspected.
Hopefully, you won't need to follow any of these steps. But if you even slightly suspect something is wrong, take action to prevent yourself from getting into real trouble down the road.
Nowadays, most email clients, especially GMail, are quite effective at filtering out scam attempts and keeping you safe. But they are far from perfect, which means bad emails are bound to get through, and hackers are always improving, meaning there is likely no end in sight.
As a result, the only thing we can do to stay safe is remain vigilant, and now that you know what some of the most common scams are, we hope you can email your way into the future without fear.