We have all received email scams, whether we want to believe it or not.
Scam emails are blasted out into the interweb about as often as a Kardashian sends out a tweet. And as the World Wide Web has become faster and more sophisticated, so too have email scams, or phishing. No, we don’t mean casting a line off a dock or boat. Phishing is the “fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers,” according to the Oxford Dictionary.
While the word may look a little funny, the repercussions of falling victim to a phishing email are anything but comical. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year. While it may seem cynical to be suspicious of all emails, it is better to be cautious than to be out hundreds or even thousands of dollars, or have to deal with mountains of paperwork to see even a portion of the money lost to a scammer.
What exactly is an email phishing scam?
The main goal of the email scam (which can also come through a text message) is to trick the recipient into giving away personal information. This includes passwords as well as Social Security, credit card and bank account numbers. Once this information is acquired, the scammers are only a few quick keystrokes away from draining your bank account or racking up a huge credit card bill.
These scammers aren’t dumb either. They know the words and phrases to use to catch the recipient’s attention and create alarm. Words like “suspicious activity,” “refund” and “account on hold.” To the average consumer, who pays bills on time and has had no trouble in the past, phrases such as these can ring alarm bells. “Why is there suspicious activity on my account?” “Why would my account be on hold?” Since these emails are (seemingly) from a company you know and trust, why wouldn’t you go further into the email to find out more?
And that’s when they get you! It can be just that fast and just that simple for a phishing email to get all your personal information. You get an email from a social media site you use often, an online store you shop at frequently, even your bank that looks legitimate. It says things like “You need to update some information. Just click on this link or open this invoice.”
Don’t do it!
It may seem so innocent. Why wouldn’t a store or credit card need to update information occasionally? Scammers are counting on your trusting nature to get to your personal information.
It is often not obvious that the email is a scam. Email scammers are very smart, very sophisticated individuals. They have made it very difficult to easily spot that what you are being sent is not the real deal. They will use the logos from companies/stores/banks as a front to legitimize the email. While this can be harmful to you as the consumer (if you give the scammer any information), these emails also damage the reputation of the company they are pretending to be from. While there is nothing the company can do to stop these types of emails from being sent, consumers will lose trust in the real company if they continually receive scam emails from scammers pretending to be them.
Unfortunately, websites with high traffic volumes (like online shopping sites or banks) are more prone to security risks. If your business has a high-traffic or “high performing” website, it is not just your email you have to keep secure but your website as well. Businesses such as these should consider switching to dedicated servers for high performing websites.
So, just like you lock your doors to keep thieves out of your home, you also need to protect yourself from online scammers. This also applies to Facebook. I’m sure you have gotten more than one message from a friend that states “I’ve been hacked, don’t open anything from me.” If you’re not sure how to make your Facebook profile more secure, there are steps you can take to prevent scammers from accessing your personal information.
Maintain the Security of Your Device
Protect your computer with security software. Think of it as a deadbolt for your computer. If it’s locked, you’re secure. However, it is important to make sure the software is up to date, so set it to update automatically. Then your computer is secure at all times.
But it’s not just your computer that needs protecting. Mobile devices are for many people the go-to device for reading emails. Four out of ten emails are read on mobile devices. That means email scams can come to you through your phones or tablets as well. So protect them with security software, too.
On both your computer and mobile device you can also set up multi-factor authentication. You’ve seen this before: sites that require not just your password but also a passphrase, or a question you have to answer, like what street you grew up on or your favorite teacher in school. These questions are nearly impossible for a scammer to get access to or be able to figure out. Your mobile device may also require your fingerprint, voice authentication or a face scan for approval. All these systems are built in to keep you safe from scammers.
You can also keep yourself safe by not having all your data on your computer. Back up your files onto a hard drive regularly so you have all the information you need, but it is not on your computer, which can potentially be hacked. This may all seem like overkill, but as the old adage goes “it’s better to be safe than sorry.”
How to Recognize a Scam
Staying alert and keeping your devices secure are great ways to stay safe from scammers. But it is also important to know what to look out for. There are several red flags that indicate a scam email and steps to take before opening or clicking on anything inside.
First of all, do you even have an account with the company? If you receive an email from a bank, but you do not have an account with that bank, it’s a scam. If you get an email from a streaming service like Netflix, but you do not have an account with them, it’s a scammer trying to get access to your personal information. If you receive an email like this, report it to the Anti-Phishing Working Group at firstname.lastname@example.org and then delete it.
If you receive an email from your bank about your account and you are wondering if it is a scam, call your bank. But don’t use the phone number from the potential scam email. Use a number you trust. Representatives at your bank, credit card company, or streaming network will know if the company is sending out emails asking its customers for personal information. They can verify that the email is legitimate or, more likely, inform you that it is a scam and suggest you report the email and delete it.
Another red flag comes in the email greeting. If it’s generic, like “Hi there,” “Hi Dear,” or “Dear customer,” it’s most likely a scam. The companies who have your personal information know your name. They would include it in their greeting. Scammers would not necessarily know your name, so they create a blanket greeting they can send to thousands of email addresses at once.
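For readers who sort mail with a script, here is an added example (not part of the original article) that checks one raw message for the red flags described above: a sender you have no account with, a blanket greeting, the alarm phrases quoted earlier, and a prompt to click a link or open an invoice. The function name, flag labels, domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ALARM_PHRASES = ("suspicious activity", "refund", "account on hold")
GENERIC_GREETINGS = ("hi there", "hi dear", "dear customer")
CALL_TO_ACTION = re.compile(
    r"click on this link|open this invoice|update some information", re.I)

def red_flags(raw_email, my_account_domains, my_name):
    """Return the red flags from the article found in one raw email message."""
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    flags = []
    # Red flag: mail from a company you have no account with. A matching
    # domain proves nothing (From is easy to forge); only a mismatch counts.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in my_account_domains):
        flags.append("no_account_with_sender")
    # Red flag: blanket greeting on the first non-empty line instead of your name.
    first = next((l.strip().lower() for l in body.splitlines() if l.strip()), "")
    if first.startswith(GENERIC_GREETINGS) and my_name.lower() not in first:
        flags.append("generic_greeting")
    if any(phrase in text for phrase in ALARM_PHRASES):
        flags.append("alarm_phrase")
    if CALL_TO_ACTION.search(text):
        flags.append("asks_to_click_or_open")
    return flags

# Constructed sample messages (not real mail); .example domains are reserved.
MY_ACCOUNTS = {"examplebank.example", "streamco.example"}
SAMPLE_SCAM = """\
From: "Example Bank" <alerts@examplebank-secure.example>
Subject: Account on hold

Dear customer,
We noticed suspicious activity. You need to update some information.
Just click on this link or open this invoice.
"""
SAMPLE_OK = """\
From: Stream Co <billing@streamco.example>
Subject: Your monthly receipt

Hi Pat,
Your receipt for this month is on your account page.
"""
```

An empty result only means none of these particular flags fired; it does not show the message is genuine, so the advice to call the company on a number you trust still applies.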
What should you do if you’ve been scammed?
If you think you have been a victim of an email scam, the important thing is to act quickly. Update your security software immediately, contact IdentityTheft.gov and follow the steps to protect your personal information as soon as possible.
The digital world can be an overwhelming place. So many companies want your contact information that it can be difficult to remember where you’ve given it out. All it takes is a click or two to let a scammer in and create a nightmare for you.
So be vigilant. Look for the telltale signs of an email scammer. Report them if you receive them. Stay educated on email scams and be safe!