The best way to stay safe from email scams is to never give out any personal information without verifying the sender. If you think you’ve been scammed, change all your passwords and alert your bank. ExpressVPN’s Threat Manager can help you detect domains associated with malware — try it for free with a 30-day money-back guarantee.
Phishing email scams are on the rise. Studies have shown that 75% of organizations globally were victims of phishing attacks in 2020, with 74% successful in their efforts. Another study by Cisco in 2021 reports that 90% of phishing scams lead to data breaches.
Phishing attacks also cause severe monetary damage to businesses. A study by RiskIQ estimated that businesses around the world lose a collective $17,700 per minute due to phishing attacks. Business email compromise (BEC) scammers made $1.8 billion in 2020, the most among all their cybercrime buddies. Read the phishing statistics guide to get the extent of the problem.
Clearly, phishing scams corner the market on one of the worst online scams you can encounter. As a prospective victim yourself, you should know how to identify phishing messages and which authority figures you can count on while reporting phishing attempts. Keep reading to educate yourself.
Can you get scammed if you open an email?
No. Simply opening a spam email will not lead to a scam. However, if you interact with it by responding to the sender or clicking on dangerous or malicious links that lead to deceptive websites, you are more likely to be scammed.
What can a scammer do with an email address?
Scammers can use your email address to impersonate you through identity theft, collect sensitive information and hack your passwords on other accounts. Scammers know where you are by tracking your location when you access email. A Gmail email address is especially dangerous to lose because you could give the scammer access to other Google services, like Maps to track you or even Google Pay.
What are the most common signs of a phishing scam?
Subtle misspellings, inconsistencies in the company name or email address, referencing a family member without naming them, links to fake websites, and building urgency are all common signs of a phishing scam.
Is it OK to answer phishing emails?
No. You should never engage with a phishing email. You should report phishing emails and avoid replying or clicking on any links in the email.
Tips on How to Recognize Email Scams
The best weapon to have in your arsenal when going up against scammers is awareness. If you know what to be on the lookout for, online criminals who are out to get your personal or financial information or even commit identity theft won’t be successful.
Here are some common tactics to identify suspicious activity in email scams. A message may be a scam if it does any of the following:
1. Looks like it’s from a company you know but is light on specifics
Phishers often pose as a reputable company to gain your trust so that you will interact by email. The actual message might seem legitimate, with formal salutations like, “Dear account holder” if referencing your bank account or “Dear customer,” for example.
The catch here is they’ll skimp on details, and the emails will be very vague. Legitimate sites or companies you’ve interacted with would have your name and contact details on record. They would refer to you directly by your name or be more specific in the email.
2. Asks for personal information
A common tactic used by scammers is to ask for confidential information to access your bank accounts to steal money or use it for other nefarious purposes.
You might receive emails asking you to authenticate or verify sensitive data like your bank account numbers, credit card numbers, phone numbers, social security number or real address. If you receive an email asking you to provide more information through a reply, over a phone call on the provided number or on an external page, it’s most likely a scam.
A legitimate company would never request your sensitive information over email, text message or suspicious links. Many scams work off this concept.
3. Tries to get you to click on a link or call a number
Sometimes, a scammer may try to convince you to click on a link or call a number, not to obtain your personal information, but to get malware installed on your computer or mobile device.
The message may be a fake email, intended to persuade you that you’ve got a big bad virus on your device and that you need to download software to get rid of it. You might think you’re being led to secure websites when you click on the links provided, but instead, you end up opening the door to malware.
4. Uses frightening language and threatens consequences
Scammers may try to build a sense of urgency by using frightening language to drive home their message. These messages may be along the lines of, “You need to act now,” and “This is the only way that you can…” You might see this on email headers or the body of the message itself.
These scammers try to prey on your fear and use aggression. Some of them send these messages in all caps to get your attention. For example, “YOU ARE IN SERIOUS TROUBLE, AND WE HAVE PHONE RECORDINGS THAT PROVE IT. PAY UP BEFORE IT’S TOO LATE.”
Don’t blindly send money or call the phone number listed on the email if you get such direct messages.
5. Offers something too good to be true
Scammers might set you up for classic scams like the Nigerian Prince scam or Jamaican Lottery tactic. Such tactics involve offering a reward or an interaction with someone requesting your help from a foreign country in exchange for a hefty amount through wire transfer.
These scammers often utilize language that urges you to take action immediately or in a very short period of time, like: “You have to claim your prize within hours, or you forfeit the money forever.”
Claiming you won’t get the lottery winnings if you don’t respond immediately builds the need for you to act right away. By doing so, scammers bypass your critical thinking processes to get you to take action without thinking.
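The five warning signs above can be turned into a simple mail-triage check. The sketch below is an added example, not part of the original article: the signal names, phrase lists and sample messages are assumptions made for illustration, and keyword rules like these only flag mail for a closer look; they do not replace verifying the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Phrase lists are illustrative assumptions, not a vetted ruleset.
GENERIC_GREETING = re.compile(r"\bdear (account holder|customer|user|client|member)\b", re.I)
SENSITIVE = re.compile(r"\b(social security number|ssn|account number|credit card|password|pin)\b", re.I)
REQUEST = re.compile(r"\b(verify|confirm|provide|update|send)\b", re.I)
URGENCY = re.compile(r"\b(act now|immediately|before it['’]?s too late|within \d* ?hours|only way)\b", re.I)
BAIT = re.compile(r"\b(lottery|prize|winnings|inheritance|wire transfer)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def phishing_signals(raw_email: str) -> list[str]:
    """Return the names of the warning signs found in one plain-text email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signals = []
    if GENERIC_GREETING.search(text):
        signals.append("generic_greeting")
    if SENSITIVE.search(text) and REQUEST.search(text):
        signals.append("asks_for_personal_info")
    for url in URL.findall(text):  # flag links hosted off the sender's domain
        host = (urlparse(url).hostname or "").lower()
        if host != sender_domain and not host.endswith("." + sender_domain):
            signals.append("link_off_sender_domain")
            break
    letters = [c for c in body if c.isalpha()]
    shouting = len(letters) > 20 and sum(c.isupper() for c in letters) / len(letters) > 0.7
    if URGENCY.search(text) or shouting:
        signals.append("urgency_or_threat")
    if BAIT.search(text):
        signals.append("too_good_to_be_true")
    return signals
# Constructed sample messages (not real mail); .test domains are placeholders.
SCAM = """From: Example Bank <support@examp1e-bank.test>
Subject: Your account is suspended

Dear account holder, you need to act now. Verify your account number and
password at http://login.example-verify.test/secure or lose access.
"""
LEGIT = """From: Example Bank <statements@example-bank.test>
Subject: Your March statement is ready

Hello Jordan Smith, your statement is at https://www.example-bank.test/statements
"""
for label, raw in (("scam", SCAM), ("legit", LEGIT)):
    print(label, phishing_signals(raw))
```

A message that trips none of these rules can still be a scam, so the result is a reason to look closer, never a clean bill of health.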
Tips on How To Protect Yourself From Phishing
Protecting yourself from phishing emails goes beyond just knowing how to identify them. Here are the preventative actions you can take to protect yourself from a phishing attack.
6. Never give out personal information without verifying the sender
You should never share your personal information with a stranger online or the sender of a seemingly legitimate email without double-checking their authenticity.
If you aren’t sure about the sender of an email you’ve received, get in touch with the company using the contact details displayed on their website, not the ones given on the email. Verify the sender’s name or the receipt of the email with the company before taking any action.
Also, make sure you don’t share information that the sender should already have. For example, your bank will never ask for your bank account details, and the Social Security Administration will never ask for your SSN. Learn more in the personal cybersecurity guide.
7. Use malware-detecting security software
If you haven’t already, make sure you install antivirus software across all the important devices you use most. Set up auto-updates and scans on the antivirus software, so it conducts regular checks for any malware on all your systems.
It’s also a good idea to install a VPN. Using a VPN will protect your IP address and prevent hackers or scammers online from identifying your location or finding out any of your personal details.
8. Set up multi-factor authentication on all your accounts
Multi-factor authentication means you need to verify your login credentials through two or more methods for a successful sign-in. Check which of your online accounts offer multi-factor authentication or two-factor authentication and set them up.
That way, even if a scammer figures out one of your credentials, you’re still protected by the other methods you have set up.
Tips on What to Do If You Replied to a Phishing Email
You should never reply to a phishing email, but on the off chance you do, you don’t have to enter total panic mode quite yet. Here are a couple things you can do to protect yourself after engaging with a phishing email.
9. Change all your passwords
No matter how much the tactics grow over time, all scammers target one thing in common: your passwords. In case you’ve let your password slip, the first thing to do is change your passwords on the accounts you may have compromised.
Never use the same password twice, not even a similar one — it’s not enough to just change a letter or two. And no, “ILoveMyDog123” is not a secure password.
Phishing attackers will often identify other accounts that you use and attempt to use similar credentials to log into those as well. Just to be on the safe side, also update your passwords on your other user accounts.
Long story short: update your email account passwords first and then all the passwords of associated accounts, especially important ones like your bank account.
10. Run a security scan
If you’ve responded to a phishing email, you should double-check whether malware has already been installed or spread across your computer.
Use your computer’s antivirus software to run a quick system scan and detect any viruses or malware. Make sure the software is also fully updated before doing so.
11. Call your bank
If the phishing email you received involved your bank details or other personal information like your social security number, you should immediately alert the relevant authorities. For example, in case of the former, get in touch with your account manager or bank’s point of contact.
Once you alert them of the potential fraud, they will also be on the lookout to track and identify any suspicious activity and can protect you from further losses.
Tips on How to Report Email Scams
There are so many frauds happening online, it can be hard to navigate where to report scams and which law enforcement agencies to contact.
12. Report Email Scams
Here’s a handy list of the different government agencies you can get in touch with immediately to report email scams:
- If you lost money or any possessions, start by first reporting the scam to your local state consumer protection office.
- The Federal Trade Commission (FTC) is the main agency for collecting scam reports. You can register an email scam complaint with them by phone or online on the FTC report fraud page.
- Are you scared that the scammer might commit or already has committed identity theft? Report it to IdentityTheft.gov and get your own recovery plan.
- If you get any phishing emails claiming to be from the IRS, make sure you forward and report them to [email protected].
- The Anti-Phishing Working Group (APWG) is a leading body that tracks and reports on phishing attacks. Send an email to [email protected] with details of the scam to report your case.
Conclusion: Avoid Email Phishing Scams
Email scams are scary. Scratch that; any kind of scam is scary. Personally, I’m thankful for my spam folder for filtering out any creepy emails for me. But on the occasion one slips through into my inbox, at least I know how to deal with them. Now, so do you.
The online landscape is a playground for scammers, who often change tactics and come up with new ways to swindle unsuspecting users. Internet users are grappling with social media scams, dating scams, and NFT scams, to name a few.
Have you ever encountered a scammer online or experienced a personal phishing attack? How did you deal with it? Share your story in the comments! Thanks for reading, and as always, stay safe online, folks!