21 Feb Unsafe Email Alert! Know the Warning Signs of Email Scams
Email is cybercriminals’ favorite tool to lure their victims into their traps. In fact, some estimate that 91% of cyberattacks start with phishing — an email that appears to come from a reputable source that seeks to steal valuable information. Phishing is not new, but it still works. Cybercriminals continue to up their game and can trick even a savvy target. Is it possible you’d fall for an email scam? Lower your chances by learning these common email scam warning signs.
As criminals get more sophisticated, it’s harder to differentiate a legitimate email from an email scam. However, there are usually some telltale signs. Clues throughout an email may offer warnings. Let’s start at the top.
Who is it from?
Yes, we know it says it’s from your bank, but who is really sending you an email asking you to update your account information? If you look at the email address (not just the display name) you may notice that the domain name is unusual. An email address would likely end with the companyname.com. But something like an “online.com” domain name is odd. Do other parts of the email address look off? It may contain extra symbols or be slightly misspelled. Bad sign. And, beware, some cyberthieves are even spoofing CEO names to get the attention of their victims.
Is it scary and urgent? If the gist is something like your bank account will close or your internet service will be disrupted if you don’t act, don’t buy it and don’t give into fear. It is unlikely that an urgent matter would be addressed via email or at least as a primary method to get in touch with a customer on a pressing matter. If you’re worried, call the company to see what’s going on.
If it’s a generic salutation such as “Dear Valued Customer,” that’s a sign of a cybercriminal casting a wide net. A company that you have a relationship with has your name and will use it. Of course, just because an email is addressed to you personally does not make it legitimate. Targeted spear phishing tactics use all sorts of personal information that they can glean off of the internet to gain a victim’s trust.
Body of the Email
There are lots of warning signs in the email message itself.
- Again, an urgent tone or message that elicits fear is a tactic used by criminals not businessmen.
- Does the email ask for personal or sensitive information? Legitimate businesses do not seek private information over email.
- It’s too good to be true. You know the offers for discounts and other deals or prizes that seem crazy good. Don’t be tempted.
- Bad spelling and grammar should raise doubts. Professional businesses are careful to proof their communications to catch typos.
- Logos do not equal legitimacy. It’s not hard to copy a logo and add it to an email. Don’t assume that just because a logo appears that the communication is valid. You might notice that the resolution on the logo is poor or it actually looks like a cut and paste job.
Links and Attachments
Please don’t click! This is where you get into real trouble. Cybercriminals use these tactics to load malware onto your machine. Or, you may be led to a false website (that looks real) that asks for your password, among other personal information. If you didn’t solicit an email with an attachment, don’t open it. To find out more information about a link in an email, scroll over it (but don’t click) and the URL will appear so you can see where the link truly leads. A better option than clicking is to open up your browser and type in the company’s true web address. And, you can always call the company to resolve issues or inquire about an offer.
For businesses, educating employees to recognize the signs of a bad email are important. Companies also may invest in email filtering (anti-spam filter, antivirus software) that scans email and eliminates threats, such as viruses, worms, malicious content and attachments, and other junk mail before reaching the end user.
Whatever your defenses, remember that it’s best to be skeptical. If something looks fishy, it probably is. And, DON’T CLICK.