By now, you have probably heard about the different email phishing scams going around, especially if you listen to the news. We decided to review some of the most popular ones, so that you could be better prepared.
Phishing is defined as “the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.” [1]
Basically, criminals pretend to be someone you trust in order to steal important financial and personal information. They can use this information to log into people’s accounts, such as bank accounts, and transfer funds. They can also sell it to other criminals. Phishing can be done through phone calls, emails, texts and other forms of communication.
Below, we cover the top 5 phishing email scams we saw last year and expect to continue this year. Many of these emails include a link you are expected to click on, followed by a page where you are asked to enter your credentials. For instance, you may get an email that appears to come from Facebook, indicating that your password will expire if it is not updated. Usually, the link leads to a fake website the criminal created, and the criminal uses the credentials you type there to access your account. Because many people reuse the same login on several sites, the criminals can then access other online accounts, including financial ones.
Top 5 Email Scams
Account Disabling or Suspension
You may receive an email (see example below) from a bank, e-commerce or social media site about an account suspension or closing. For instance, a criminal pretending to be from Amazon may send you an email saying that your account will be suspended, unless you click on the included link and update your security info. This creates a sense of urgency, because it makes people feel they have to respond quickly.
Suspicious or Unusual Account Activity
Like the first scam, you may also receive an email saying that your online account was compromised or that unusual activity was detected. You are told to click on a link to log in and secure the account.
Google Email Scam:
Tax Related Scams
During tax season, these scams increase significantly. A criminal posing as an IRS representative may send you an email about owing money or receiving a refund. Please note: the IRS will never contact you by email or phone. They do things the old-fashioned way and only send notices through regular snail mail.
IRS Email Scam:
Employer Related Scams
Criminals usually find these scams very lucrative. By taking advantage of human error or insecurities, they can get valuable information about a company’s employees or clients. One example of this type of scam is an HR representative receiving an email from what appears to be the company’s CEO or COO, asking them to put together a report with employees’ information. Naturally, the recipient wants to respond quickly to the executive’s request and doesn’t suspect it’s a scam.
In 2016, this happened locally at Main Line Health, when an employee replied to a scam email with personal information on 11,000 of the health system’s employees. [2]
Malware and Ransomware Scams
Like all of the email scams above, malware scams have the same objective: to make money. How do the cyber criminals do it? They trick the email recipient into clicking on a link or opening an attachment. When the recipient does, malware starts to load on their computer. If they are really unlucky, they may get ransomware, which installs itself, locks up important files and demands a payment to unlock them. Other forms of malware track computer users’ keystrokes and activity to collect valuable personal information and passwords.
An example of an email which may have a malware attachment:
How Can I Avoid These Email Scams?
People who educate themselves can avoid these scams. If you know what to look for, you will be prepared. A good rule of thumb is to never open an email or link from someone you do not know or recognize. You can also ask yourself a few basic questions: Have I ever been contacted by the IRS or Microsoft before? Do they contact people this way (email, call, text, etc.)?
If you look at an email carefully, you can often see signs that it’s not legit. The senders may misspell words or include poor quality images. You should also carefully check the sender’s email address, not just the display name: if you get a FedEx email from firstname.lastname@example.org, you know it’s not legit. Criminals also often shorten the website links they include in the body of their emails, which hides the real destination. Without clicking on a link, you can hover your mouse over it and see the complete address it actually points to. If an email is supposed to come from Amazon but asks you to click on some weird looking link, you should avoid it.
Finally, to check whether or not an email is legit, you can go directly to the source. If you receive a notification from Google, look up the company’s support number and call them about the notification. If you get an email from a company executive that looks suspicious, contact them directly through a channel you already trust. They may not be happy you called, but at least you avoided a large disaster.
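The three checks described above (display name vs. real sender domain, shortened links, and link text that differs from the hovered target) can be automated with standard-library email parsing. The script below is an added illustration, not part of the original article; the brand-to-domain table, the shortener list, and the sample message are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands the article mentions, mapped to the domain they really send from (assumed list).
BRAND_DOMAINS = {"amazon": "amazon.com", "fedex": "fedex.com", "google": "google.com"}
# Common URL shorteners that hide a link's real destination (assumed list, extend as needed).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registered_domain(host):
    """Crude base-domain extraction: last two labels (good enough for .com/.org demos)."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def phishing_indicators(raw):
    """Return human-readable warnings for a raw RFC 822 text/html message."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.partition("@")[2])
    # 1. Display name impersonates a brand, but the address comes from another domain.
    for brand, domain in BRAND_DOMAINS.items():
        if brand in name.lower() and sender_domain != domain:
            warnings.append(f"sender claims {brand} but address domain is {sender_domain or 'missing'}")
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    for href, text in HREF_RE.findall(body):
        host = urlparse(href).hostname or ""
        # 2. Shortened link: the real destination is hidden from the reader.
        if registered_domain(host) in SHORTENERS:
            warnings.append(f"shortened link: {href}")
        # 3. Visible link text names one host, the real target (what hovering reveals) is another.
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and registered_domain(shown) != registered_domain(host):
            warnings.append(f"link text shows {shown} but points to {host}")
    return warnings

# Constructed sample resembling the "account suspension" lure described in the article.
SAMPLE = """From: Amazon Security <alerts@amaz0n-verify.example>
To: you@example.org
Subject: Your account will be suspended
Content-Type: text/html; charset=utf-8

<p>Update your security info within 24 hours or your account will be suspended.</p>
<a href="http://bit.ly/xyz123">https://www.amazon.com/account</a>
"""

if __name__ == "__main__":
    for w in phishing_indicators(SAMPLE):
        print("WARNING:", w)
```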
- [1] Wikipedia, “Phishing.”
- [2] ABC 6, “Main Line Health employees’ information compromised in email scam,” March 3, 2016.
- FTC.gov, “Scam Alerts.”
- Fortune, “Email Security: Beware These Top 10 Phishing Lures.”
- NBC News, “Massive Phishing Attack Targets Gmail Users.”