How to Detect Scamming Emails – Email fraud has been around for years and phishing is a type of email fraud. Between 2010 and 2014 alone, phishing incidents increased by more than 160%, costing businesses worldwide billions of dollars and affecting more than half of internet users. Learn how to detect fraudulent emails and phishing scams and protect yourself.
What is Email Fraud?
Email fraud is any fraud that uses email as its main vector. The most common email fraud is phishing fraud, followed by spoofing fraud.
Phishing is a type of fraud where scammers try to get sensitive information from potential victims.
Spoofing involves making an email look like it comes from a legitimate source. Quite often the two are used together to build more elaborate fraud.
How Do Scam Emails Work?
The scam first finds its way into your inbox and seems to come from a legitimate source. It often comes in the form of a message about some big opportunity that you need to take advantage of immediately, or some kind of emergency or problem that you need to deal with and solve.
There is almost always a sense of urgency designed to motivate you to act without thinking. Scammers know that the more time you spend before taking action, the more you will think, and the easier it will be for you to find inconsistencies in the email and become suspicious.
The idea is to get you to act on that sense of urgency. This usually involves clicking on some sort of link that takes you to the scammer’s website, where you are asked to log in to your account or take some other action designed to get your personal data.
Sometimes just clicking the link downloads malware to your computer, where it will cause havoc. The same thing happens if the email includes some kind of attachment, which is usually malware that you unknowingly download to your computer when you open the attachment.
Regardless, once you provide your personal information, such as your telephone number, social security number, bank account number, or PIN, it will be used by scammers for fraudulent purposes.
How do Email Scammers Find Victims?
Email fraudsters usually buy email addresses in bulk on the dark web. Every time you hear about a massive data breach affecting a large company, chances are that the compromised email addresses will be sold on the black market.
In other cases, scammers find your email address through a trial-and-error process in which they try various possible names. Whatever method is used, you are almost guaranteed to receive at least one email from a scammer in your lifetime. More than half of internet users receive at least one phishing email every day.
How Do I Avoid Getting Involved in Email Fraud?
Your biggest defense is developing the ability to spot these emails. Here are some useful things to look out for that will tell you whether you are dealing with a fraudulent email.
THE DOMAIN IS PUBLIC
Unless you are dealing with individual workers, most official emails from an organization come from addresses that end in the organization’s own domain. Google, for example, uses “@google.com” while most universities will use “@university.edu”, where ‘university’ is often the name or abbreviation of the university.
If the email address ends in a public domain (one that anyone can register an address on, rather than the organization’s own), you are most likely dealing with a fraud.
FAKE DISPLAY NAME
Before you open the email, the display name in the “From:” field might include the name Google. However, if you look at the email address, you will find that the email has nothing to do with Google.
Faking a display name is easier than faking an email address: the scammer chooses which display name to show, even when the email address is completely fake. Most people also trust display names, believing that they are from a legitimate source without actually checking the email address.
THE FALSE DOMAIN NAME
Sometimes the domain name looks legitimate at first glance. It might look like @microsoft.com from a distance, but it’s best to look closely. For example, microsoft.com might be falsified as “mircosoft.com” or “micosoft.com” or other variations. They look similar, but both are fake.
When checking the sender’s email address, even if it looks legitimate, be sure to look closely to see if you will find spelling errors in the domain name.
THE EMAIL IS FULL OF MISTAKES
Valid emails from a company will often be revised and corrected to ensure that they are grammatically correct and free of typos. Most scam emails can be identified by being full of typos and grammatical errors.
When you see a suspicious email, pay less attention to typing errors and pay more attention to grammatical errors. Even native speakers make typos. Many grammatical errors found in fraudulent emails are of a kind made only by foreign speakers. They stand out and will give you a feeling of suspicion that tells you something is not right.
HOW MANY RECIPIENTS ARE THERE?
Usually, when scammers send their emails it is an automated process. They get a large number of addresses and send mass messages to everyone. You might find that the “To:” field in the email has your address and many others. That should immediately raise a red flag. When legitimate companies want to send you a personal email, they don’t include many other addresses in the email. It is usually for your eyes only.
SUSPICIOUS LINKS AND ATTACHMENTS
Many fraudulent emails contain suspicious attachments and links in them. Never open an attachment from such an email because it is most likely to contain malware that will infect your computer.
If you want to verify whether the attachment is from an actual source or not, just contact the sender by other means, such as telephone or IM, and ask them about it. Do not open attachments.
Sometimes the link is hidden behind a button in an email. If so, hover your mouse over the link, and see the URL revealed in the lower left corner of your browser. If the URL looks suspicious, don’t click. Instead, contact the sender through some other method and ask them about the validity of the link.
Often the message will try to arouse a sense of urgency. It will tell you that your account has been compromised and you must immediately do something to save it, or that you have won a lottery that you don’t remember entering and that you must act quickly to collect your prize. When you see this, you should know that you are definitely dealing with fraud.
Criminals will do anything to make you act naively, including creating a false sense of urgency to make you act without thinking.
I’ve become a victim. What should I do?
If you have been scammed and it happened on a computer at work, report the incident to your IT department or boss. If it’s on your home computer, report it online immediately.
You must also immediately take steps to protect the compromised account, such as changing your password or notifying Google, your bank, or any platform where you opened the account. If your credit card details are stolen, contact your bank and ask them to immediately freeze your credit card.
Ultimately, you must share this scam with others by reporting it so that it can be further investigated and prevented in the future. But your biggest defense, so far, is to learn how to spot these emails.
How Do I Avoid being Targeted for Email Fraud?
Unfortunately, simply having an email address makes you a target. Change your passwords regularly and make them strong. A strong password has upper and lower case letters, at least one number, and at least one symbol.
When you know that a fraud exists, you will be more likely to recognize it and report it.