How to detect fraudulent emails
Learn how to detect fraudulent email and take steps to protect yourself
Email scams have been around for years, and phishing is a type of email scam. Between 2010 and 2014 alone, phishing incidents increased by more than 160%, costing companies around the world billions of dollars and affecting more than half of internet users. Learn how to spot fraudulent emails and phishing scams and protect yourself.
What are email scams?
An email scam is any scam that uses email as its primary vector. The most common email scam is the phishing scam, followed by the spoofing scam.
Phishing is a type of scam in which the scammer tries to obtain confidential information from potential victims.
Spoofing involves making it appear that an email is coming from a legitimate source. Most often the two are used together to craft elaborate scams.
How do fraudulent emails work?
These scams first find their way into your inbox and appear to come from a legitimate source. They often occur in the form of messages about some great opportunity that you need to take advantage of immediately or some kind of emergency or problem that you need to handle and resolve.
There is almost always a sense of urgency that is designed to motivate you to act immediately without thinking. Scammers know that the more time passes before you take action, the longer you will think and the easier it will be for you to spot inconsistencies in the email and be suspicious.
The idea is for you to act with a sense of urgency, and it usually involves clicking on some type of link that will take you to the scammer’s website, where you will be asked to log into your account or take some other action designed to obtain your personal data.
Sometimes, just clicking on the link will download malware to your computer, where it will wreak havoc. The same is true if the email includes some type of attachment, which is usually malware that is inadvertently downloaded to your computer when the attachment is opened.
Once you provide your personal information, such as your phone number, social security number, bank account number or PIN, it will be used by the scammer for fraudulent purposes.
How do email scammers find victims?
Email scammers often buy email addresses in bulk on the dark web. Whenever you hear about a massive data breach affecting a big business, the compromised email addresses are likely to be sold on the black market.
In other cases, scammers find your email through a trial and error process in which they try many different possible names. Whichever method is used, it is almost guaranteed that you will receive at least one email from a scammer in your life. More than half of Internet users receive at least one phishing email every day.
How do I avoid getting involved in email scams?
Your best defence is to cultivate the ability to detect these emails. Here are some useful things to keep in mind that will tell you if you are dealing with a fraudulent email.
- The domain is public. Unless you are dealing with an individual worker, most official emails from organizations end in the company domain. Google, for example, uses “@google.com”, while most universities use “@university.edu”, where “university” is usually the name or abbreviation of the university. If the email address ends in a public domain, chances are you’re dealing with a scammer.
- They forged the display name. Before you open the email, the display name in the “From:” field may include the Google name. However, if you look at the email address, you will see that the email has nothing to do with Google. Spoofing a display name is easy, because scammers can choose any display name they like, even when the email address is false. Most people also trust display names, believing that the message comes from a legitimate source without actually checking the email address.
- A misspelt domain name. Sometimes the domain name may seem legitimate at first glance. It may look like @microsoft.com from afar, but it’s better to look closely. For example, microsoft.com may be falsified as “mircosoft.com” or “micosoft.com” or some other variation. They look a lot alike, but both are bogus. When you check a sender’s email address, even if it looks legitimate, be sure to check it carefully for any misspelling in the domain name.
- The email is full of grammatical errors. A legitimate company email will often be checked and corrected to ensure it is grammatically correct and free of typos. Most scam emails are full of typos and grammatical errors. When you see a suspicious email, pay less attention to typos and more attention to grammatical errors. Even native speakers make typographical errors. Many of the grammatical errors found in fraudulent emails are of a nature that only a non-native speaker could make. They are obvious and will give you that feeling of suspicion that tells you something is wrong.
- How many recipients are there? Usually, when scammers send their emails, it is an automated process. They get a large number of addresses and send a mass message to all of them. You may find that the “To:” field in the email has your address, as well as many others. That should immediately raise a red flag. When a legitimate company wants to send you a personal email, it doesn’t include a bunch of other addresses in the email. It is typically for your eyes only.
- Suspicious links and attachments. Many fraudulent emails contain suspicious attachments and links. Never open the attachments of such emails because they most likely contain malware that can infect your computer. If you want to check whether the attachment comes from the right source, contact the sender in some other way, such as by phone or instant messaging, and ask them about it. Do not open the attachment in the meantime. Sometimes the links are hidden behind a button in the email. In that case, hover your mouse over the link and look at the URL that appears in the lower-left corner of your browser. If the URL looks suspicious, don’t click on it. Instead, contact the sender through some other method and ask them about the legitimacy of the link.
- Sense of urgency. Often, the message will attempt to invoke a sense of urgency. They will tell you that your account has been compromised and that you need to do something immediately to save it, or that you are the winner of a lottery that you do not remember registering for and that you need to act quickly to collect your reward. When you see this, you should know that you are dealing with a scam.
Criminals will do anything to make you act naively, including creating a false sense of urgency so that you act without thinking.
I’m already a victim. What should I do?
If you have already been scammed and it happened on a computer at work, report the incident to your IT department or your boss. If it’s on your home computer, report it immediately online.
You should also take immediate steps to protect compromised accounts, such as changing your password or alerting Google, your bank, or any platform on which you have opened the account. If your credit card details have been stolen, contact your bank and ask them to freeze your credit card immediately.
Finally, you should share these scams with others by reporting them so they can be further investigated and prevented in the future. But your most significant defence by far is knowing how to spot them in the first place.
How do I avoid being the target of email scams?
Unfortunately, just having an email address makes you a target. Change your password regularly and make it more secure. Strong passwords have upper and lower case letters, at least one number, and at least one symbol.
When you are aware of the scams that exist, you are more likely to recognize and report them.