How to Recognise and Protect against Email Scams

Introduction:

Email provides us a convenient and powerful communications tool. Unfortunately, it also provides scammers and other malicious individuals an easy means for luring potential victims. To protect yourself from these scams, you should understand what they are, what they look like, how they work, and what you can do to avoid them.

Unsolicited commercial email, or “spam,” is the starting point for many email scams. Before the advent of email, a scammer had to contact each potential victim individually by post, fax, telephone, or through direct personal contact. These methods often required a significant investment of time and money. Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume: a campaign that fools only a tiny fraction of recipients still pays off.

The different kinds of scam emails you are likely to receive include:

  • Fraud Schemes such as bogus business opportunities, chain letters, work-at-home schemes, health and diet scams, easy money, “free” goods, investment opportunities, bulk email schemes, cable descrambler kits, and “guaranteed” loans or credit
  • Bogus Business Opportunities, for example emails with subjects like:
    • ‘Make a Regular Income with Online’;
    • ‘Put your computer to work for you! Auctions’;
    • ‘Get Rich Click’;
    • ‘Use the Internet to make money’, etc.
  • Health and Diet Scams, for example emails with subjects like:
    • Need to lose weight for summer
    • Reduce body fat and build lean muscle without exercise
    • Increase Your Sexual Performance Drastically
    • Young at any age
    • CONTROL YOUR WEIGHT!!
    • Takes years off your appearance
  • Discount Software Offers that consist of advertisements for cheap versions of commercial software such as the latest release of Windows or Photoshop. The product, if it arrives at all, is usually pirated or counterfeit, and the order form collects your payment card details.
  • Phishing Emails that are crafted to look as if they have been sent from a legitimate organization, for example a bank. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information. The bogus site will look astonishingly like the real thing, and will present an online form asking for information like your account number, your address, and your online banking username and password: all the information an attacker needs to steal your identity and raid your bank account.

How to detect phishing emails:

The following are the main ways to detect phishing emails:

1. The email is sent from a public email address

Look at the sender’s email address, as this can help identify whether the person is truly who they claim to be. Often, the criminal will use a public email address such as gmail.com while the display name claims to be your bank or a colleague. If your bank or colleague is going to email you, it will come from a company email account with the company name in the email address. The reverse is not a guarantee: the From address can be forged, so a matching domain is only a first check, and a Reply-To address that points somewhere else is a further warning sign.

2. Strange attachments

If you receive an unexpected email, or an email from someone you don’t know, asking you to open an attachment, do not open it. These attachments can contain malware that can harm your computer and capture your personal data. An unexpected attachment from a contact you do know deserves the same caution, because their account may have been compromised; confirm with them by another channel first.

3. The creation of a sense of urgency

Phishing emails often ask recipients to verify personal information, such as bank details or a password. They can create a sense of urgency by warning that your account has experienced suspicious activity or pretending to be someone you know who is in urgent need of financial help.

These are strong warning signs. If you are ever unsure, contact the company or person using the contact details you already have for them or that are on their legitimate website. Never use any contact details or click any links provided in the email itself.

4. Links to unrecognised sites or URLs that misspell a familiar domain name

Phishing emails may ask you to click a link within the email. The text you see is not necessarily where the link goes: by hovering your mouse over the link (or long-pressing it on a phone), you can see the linked site’s true URL. These URLs can be slightly misspelled versions of a familiar domain (a digit 1 for a letter l, an extra or missing letter) or completely different to what you are expecting, so always double check before you click. Shortened or redirecting links hide the destination entirely and should be treated as unknown.

5. Poor spelling and grammar

You can often detect a phishing email by the way it is written. The writing style might differ from the sender’s usual style, and the message might contain spelling mistakes and poor grammar. Be aware that well-written phishing emails exist too, so the absence of errors does not make a message safe.
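The checks in points 1 to 4 above can be applied mechanically to a message before a person ever reads it. The following is an added example, not code from the original article or its sources, that parses a raw message and reports the warning signs it finds: a public webmail sender whose display name borrows a trusted organisation’s name, a Reply-To domain that differs from the From domain, attachments with risky extensions, urgency language, links whose visible text names one domain while the real href goes to another, and look-alike domains within a small edit distance of a trusted one. The domain lists, the phrase list, the two sample messages and the organisation examplebank.com are all constructed assumptions for the example.

```python
"""Heuristic phishing indicators over a raw RFC 5322 message (added example, not from the page)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists: illustrative only, not a complete or authoritative feed.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
TRUSTED_DOMAINS = {"examplebank.com"}  # hypothetical organisation you actually deal with
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".zip", ".iso", ".html")
URGENCY_PHRASES = ("verify your account", "suspicious activity", "within 24 hours",
                   "account will be suspended")


def registrable(host):
    """Crude eTLD+1 (last two labels). Wrong for e.g. co.uk; use a public-suffix list in production."""
    return ".".join(host.lower().split(".")[-2:])


def levenshtein(a, b):
    """Edit distance; one or two edits from a trusted domain is the classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(host):
    reg = registrable(host)
    return reg not in TRUSTED_DOMAINS and any(levenshtein(reg, t) <= 2 for t in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: what hovering shows versus what is printed on screen."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(raw):
    """Return the list of warning signs found in one raw message (empty list = nothing flagged)."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    display, from_addr = parseaddr(str(msg["From"] or ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    org_names = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    # 1. public webmail sender whose display name claims a trusted organisation
    if from_dom in PUBLIC_MAIL_DOMAINS and any(o in display.lower() for o in org_names):
        flags.append("public-webmail-sender-claims-org")
    reply_dom = parseaddr(str(msg["Reply-To"] or ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-differs")
    # 2. attachments with executable, macro, archive or HTML extensions
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append("risky-attachment:" + name)
    # 3. urgency language in the subject or body
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if any(p in (str(msg["Subject"] or "") + " " + text).lower() for p in URGENCY_PHRASES):
        flags.append("urgency-language")
    # 4. link text naming one domain while the href goes elsewhere, or a look-alike domain
    collector = LinkCollector()
    collector.feed(text)
    for href, shown in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown_host = (urlparse(shown).hostname or "").lower() if "://" in shown else ""
        if shown_host and registrable(shown_host) != registrable(host):
            flags.append("link-text-mismatch:" + host)
        if host and is_lookalike(host):
            flags.append("lookalike-domain:" + host)
    return flags


# Constructed sample messages (not real captures).
SAMPLE_PHISH = """\
From: "ExampleBank Security" <examplebank.alerts@gmail.com>
Reply-To: recover@examp1ebank.com
To: victim@example.net
Subject: URGENT: suspicious activity on your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>We detected suspicious activity. Verify your account within 24 hours
or your account will be suspended.</p>
<p><a href="http://examp1ebank.com/login">https://www.examplebank.com/login</a></p></body></html>
--b1
Content-Type: application/zip; name="statement.zip"
Content-Disposition: attachment; filename="statement.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

SAMPLE_LEGIT = """\
From: ExampleBank Statements <statements@examplebank.com>
To: victim@example.net
Subject: Your March statement is available
Content-Type: text/plain; charset="utf-8"

Your statement is ready. Sign in at https://www.examplebank.com as usual.
"""

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE_PHISH))  # six flags for the constructed phish
    print(phishing_indicators(SAMPLE_LEGIT))  # [] for the constructed legitimate notice
```

These are heuristics, not proof either way: a legitimate message can trip the urgency check, and a carefully built phish can pass all four, which is why the advice above to contact the organisation through details you already have still applies. In a real mail pipeline the domain checks would use a public-suffix list rather than the last two labels, and the sender check would be complemented by the receiving server’s SPF, DKIM and DMARC results.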

How to protect yourself from phishing emails:

  • Filter Spam – Most email applications and web mail services include spam-filtering features, or ways in which you can configure your email application to filter spam. Consult the help file for your email application or service to find out what you must do to filter spam.
  • Regard Unsolicited Email with Suspicion – Don’t automatically trust any email sent to you by an unknown individual or organization. Never open an attachment to an unsolicited email. Most importantly, avoid clicking links in email: if a message asks you to log in somewhere, go there by typing the address you already know or using your own bookmark.
  • Install Antivirus Software and Keep it Up to Date
  • Install a Personal Firewall and Keep it Up to Date
  • Keep your operating system, browser and email client patched, so that an attachment or link you do open has fewer vulnerabilities to exploit.
  • Use Common Sense – an offer that seems too good to be true, or a demand that you act right now, almost always is a scam.

An additional resource is the Centre for Internet Security article How to Spot Phishing Messages Like a Pro: https://www.cisecurity.org/newsletter/how-to-spot-phishing-messages-like-a-pro/


References:

Annabelle Graham, 5 ways to detect a phishing email, IT Governance blog, https://www.itgovernance.co.uk/blog/5-ways-to-detect-a-phishing-email/

US-CERT, Technical Cyber Security Alert: Recognizing and Avoiding Email Scams, https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf

Centre for Internet Security, How to Spot Phishing Messages Like a Pro, https://www.cisecurity.org/newsletter/how-to-spot-phishing-messages-like-a-pro/