Email Scams: 12 Ways to Protect Yourself From Phishing in 2024

Last update: April 7, 2023

The best way to stay safe from email scams is to never give out any personal information without verifying the sender. If you think you’ve been scammed, change all your passwords and alert your bank. ExpressVPN’s Threat Manager can help you detect domains associated with malware — try it for free with a 30-day money-back guarantee.

Phishing email scams are on the rise. Studies have shown that 75% of organizations globally were victims of phishing attacks in 2020, with 74% successful in their efforts. Another study by Cisco in 2021 reports that 90% of phishing scams lead to data breaches. 

Phishing attacks also cause severe monetary damage to businesses. A study by RiskIQ estimated that businesses around the world lose a collective $17,700 per minute due to phishing attacks. Business email compromise (BEC) scammers made $1.8 billion in 2020, the most among all their cybercrime buddies. Read the phishing statistics guide to grasp the extent of the problem.

Clearly, phishing is one of the worst online scams you can encounter. As a prospective victim yourself, you should know how to identify phishing messages and which authorities you can count on when reporting phishing attempts. Keep reading to educate yourself.


Tips on How to Recognize Email Scams

The best weapon to have in your arsenal when going up against scammers is awareness. If you know what to be on the lookout for, online criminals who are out to get your personal or financial information or even commit identity theft won’t be successful.

Here are some common tactics to identify suspicious activity in email scams. A message may be a scam if it does any of the following:

1. Looks like it’s from a company you know but is light on specifics

Phishers often pose as a reputable company to gain your trust so that you will interact by email. The actual message might seem legitimate, with formal salutations like, “Dear account holder” if referencing your bank account or “Dear customer,” for example.

The catch here is they’ll skimp on details, and the emails will be very vague. Legitimate sites or companies you’ve interacted with would have your name and contact details on record. They would refer to you directly by your name or be more specific in the email.

2. Asks for personal information

A common tactic used by scammers is to ask for confidential information to access your bank accounts to steal money or use it for other nefarious purposes.

You might receive emails asking you to authenticate or verify sensitive data like your bank account numbers, credit card numbers, phone numbers, Social Security number or real address. If you receive an email asking you to provide more information through a reply, over a phone call to the provided number or on an external page, it’s most likely a scam.

A legitimate company would never request your sensitive information over email, text message or suspicious links. Many scams work off this concept.

Sometimes, a scammer may try to convince you to click on a link or call a phone number, not to obtain your personal information but to get malware installed on your computer or mobile device.

The message may be a fake email, intended to persuade you that you’ve got a big bad virus on your device and that you need to download software to get rid of it. You might think you’re being led to secure websites when you click on the links provided, but instead, you end up opening the door to malware.

4. Uses frightening language and threatens consequences

Scammers may try to build a sense of urgency by using frightening language to drive home their message. These messages may be along the lines of, “You need to act now,” and “This is the only way that you can…” You might see this on email headers or the body of the message itself.

These scammers try to prey on your fear and use aggression. Some of them send these messages in all caps to get your attention. For example, “YOU ARE IN SERIOUS TROUBLE, AND WE HAVE PHONE RECORDINGS THAT PROVE IT. PAY UP BEFORE IT’S TOO LATE.”

Don’t blindly send money or call the phone number listed on the email if you get such direct messages. 

5. Offers something too good to be true

Scammers might set you up for classic scams like the Nigerian Prince scam or Jamaican Lottery tactic. Such tactics involve offering a reward or an interaction with someone requesting your help from a foreign country in exchange for a hefty amount through wire transfer.

These scammers often utilize language that urges you to take action immediately or in a very short period of time, like: “You have to claim your prize within hours, or you forfeit the money forever.”

Claiming you won’t get the lottery winnings if you don’t respond immediately builds the need for you to act right away. By doing so, scammers bypass your critical thinking processes to get you to take action without thinking.
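The warning signs described above can be written as simple text checks. This is an added example, not code from the original article; the phrase lists and both sample messages are assumptions built from the article's own examples, and a match means "look closer", not a verdict.

```python
import re
from email import message_from_string, policy

# Constructed sample messages (not real emails).
SUSPICIOUS = """\
From: "Your Bank" <support@example.test>
Subject: YOU NEED TO ACT NOW

Dear account holder,

YOU ARE IN SERIOUS TROUBLE. You need to act now: reply with your
bank account number and social security number to verify your account.
You have also won a lottery prize; claim your prize within hours.
"""

BENIGN = """\
From: "Your Bank" <statements@example.test>
Subject: Your March statement is ready

Hi Dana,

Your March statement is ready. Open the app you already use to view it.
"""

# One pattern per warning sign. Phrase lists are illustrative assumptions.
INDICATORS = {
    "generic_greeting": re.compile(r"^dear (account holder|customer)\b", re.I | re.M),
    "asks_personal_info": re.compile(
        r"\b(reply|provide|confirm|verify|send)\b[^.]{0,80}"
        r"\b(bank account|credit card|social security|phone number)", re.I),
    "urgent_or_threatening": re.compile(
        r"\b(act now|before it.s too late|within (\d+ )?hours|this is the only way)\b", re.I),
    "too_good_to_be_true": re.compile(r"\b(lottery|prize|winnings)\b", re.I),
    # Case-sensitive on purpose: four or more consecutive all-caps words.
    "all_caps_shouting": re.compile(r"\b(?:[A-Z]{2,}[ ,]+){3,}[A-Z]{2,}\b"),
}

def warning_signs(raw_message: str) -> list[str]:
    """Return the names of the warning signs found in the subject and plain-text body."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg['Subject'] or ''}\n{body}"
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

if __name__ == "__main__":
    print(warning_signs(SUSPICIOUS))
    print(warning_signs(BENIGN))
```

Keyword checks like these miss well-written scams and can flag legitimate mail, so they supplement the habit of verifying the sender rather than replace it.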


Tips on How To Protect Yourself From Phishing

Protecting yourself from phishing emails goes beyond just knowing how to identify them. Here are the preventative actions you can take to protect yourself from a phishing attack. 

6. Never give out personal information without verifying the sender

You should never share your personal information with a stranger online or the sender of a seemingly legitimate email without double-checking their authenticity.

If you aren’t sure about the sender of an email you’ve received, get in touch with the company using the contact details displayed on their website, not the ones given on the email. Verify the sender’s name or the receipt of the email with the company before taking any action.

Also, make sure you don’t share information that the sender should already have. For example, your bank will never ask for your bank account details, and the Social Security Administration will never ask for your SSN. Learn more in the personal cybersecurity guide.

7. Use malware-detecting security software

If you haven’t already, make sure you install antivirus software across all the important devices you use most. Set up auto-updates and scans on the antivirus software, so it conducts regular checks for any malware on all your systems.

It’s also a good idea to install a VPN. Using a VPN will protect your IP address and prevent hackers or scammers online from identifying your location or finding out any of your personal details.

8. Set up multi-factor authentication on all your accounts

Multi-factor authentication means you need to verify your login credentials through two or more methods for a successful sign-in. Check which of your online accounts offer multi-factor authentication or two-factor authentication and set it up on each of them.

That way, even if a scammer figures out one of your credentials, you’re still protected by the other methods you have set up.


Tips on What to Do If You Replied to a Phishing Email

You should never reply to a phishing email, but on the off chance you do, you don’t have to enter total panic mode quite yet. Here are a couple things you can do to protect yourself after engaging with a phishing email.

9. Change all your passwords

No matter how much the tactics grow over time, all scammers target one thing in common: your passwords. In case you’ve let your password slip, the first thing to do is change your passwords on the accounts you may have compromised.

Never use the same password twice, not even a similar one — it’s not enough to just change a letter or two. And no, “ILoveMyDog123” is not a secure password.

Phishing attackers will often identify other accounts that you use and attempt to use similar credentials to log into those as well. Just to be on the safe side, also update your passwords on your other user accounts.

Long story short: update your email account passwords first and then all the passwords of associated accounts, especially important ones like your bank account.

10. Run a security scan

If you’ve responded to a phishing email, you should double-check whether malware has already been installed or spread across your computer.

Use your computer’s antivirus software to run a quick system scan and detect any viruses or malware. Make sure the software is also fully updated before doing so. 

11. Call your bank

If the phishing email you received involved your bank details or other personal information like your social security number, you should immediately alert the relevant authorities. For example, in case of the former, get in touch with your account manager or bank’s point of contact.

Once you alert them of the potential fraud, they will also be on the lookout to track and identify any suspicious activity and can protect you from further losses.


Tips on How to Report Email Scams

There are so many frauds happening online, it can be hard to navigate where to report scams and which law enforcement agencies to contact.

12. Report Email Scams

Here’s a handy list of the different government agencies you can get in touch with immediately to report email scams: 


Conclusion: Avoid Email Phishing Scams

Email scams are scary. Scratch that; any kind of scam is scary. Personally, I’m thankful for my spam folder for filtering out any creepy emails for me. But on the occasion one slips through into my inbox, at least I know how to deal with them. Now, so do you.

The online landscape is a playground for scammers, who often change tactics and hatch new schemes to swindle unsuspecting users. Internet users are grappling with social media scams, dating scams, and NFT scams, to name a few.

Have you ever encountered a scammer online or experienced a personal phishing attack? How did you deal with it? Share your story in the comments! Thanks for reading, and as always, stay safe online, folks! 