Is That Email a Scam?: 5 Red Flags to Look For
We all remember the common email scams that everyone seems to know such as the foreign lottery scam, the mystery shopper scam, and especially the Nigerian Prince scam which became a very popular catch-all for these types of scams. Although we might laugh at these sorts of scams today, they still bring in a lot of money by tricking people who are unsuspecting or vulnerable.
These are all examples of phishing scams which are a type of social engineering in which cyber criminals attempt to deceive people by sending fraudulent emails that appear to be from a genuine source, such as a company or coworker. An email might request you to verify personal account information, such as a password, or suggest you open an infected attachment that attacks your PC with malware or a virus.
The truth is that today's email scams are much more sophisticated than those we've seen in the past and are highly designed to trick you into thinking it's really your bank or Amazon asking for your critical data.
These scams are some of the most common online threats, so it’s important to know the red flags and what to do when you encounter them.
1. The Email Is Intended to Cause Fear
Many cyber-criminals use this tactic, and its prevalence rose during the COVID-19 pandemic, due to heightened fear about the state of the world. However, it's a typical objective for phishing emails to induce panic in the recipient. The email might state that your account was hacked, and the only way to verify it is by entering your login credentials. Make sure you give this email particular attention, especially during a large calamity or traumatic occasion. Hackers are banking on you being so preoccupied or upset that you do things you shouldn't. Take the time to evaluate what it is asking for and try to view it from a logical perspective versus an emotional one. This may be difficult in the moment, but proper cyber security training can help instill these lessons.
2. The Email Is Unprompted
Be wary of any unprompted emails that request personal information. Hackers go to great lengths these days to make their emails seem genuine and use impersonation to copy as many specific details as possible. However, when an apparent real-looking email makes demands that you wouldn't expect, it's often a clear indicator that it isn't from a trusted source. A business for which you are a customer already has your information in their database, so why would they need to ask for it again via email? They most likely will not do so. Although, if you're still confused, and want to be extra sure, call the company in question using a phone number that you have saved for them or one that exists on their website. Do not use the number or any links from the email since those will send you exactly where the hacker wants you to go.
3. There's Something "Off" About the Email Address or the URLs
A phishing email may come from a seemingly genuine address. If you simply glance at these factors, they may appear to be real, but if you take the time to evaluate the email address carefully, you'll discover that it's a phony version intended to seem authentic. For example, they might use "@mail.amazon.buy" rather than "@amazon.com."
Malicious links might also be hidden in the body of the email message, which is akin to real ones. A phishing scam will frequently send you to an altered URL that appears similar to a legitimate link. Before clicking on any links, hover over and look at each one individually. Building your attunement for what's in a real email and one that's fake can help secure your business.
4. It Comes With an Attachment
Alarm bells should start ringing if you get an unexpected email with an attachment. Most reputable companies will not send an unsolicited attachment, but also be wary of emails that appear to come from a person and include one. If you don't recognize the sender, don't open it, and contact your IT department or MSP immediately. The file could be linked to a harmful URL, or Trojan, causing your PC or network to become infected. Even if you believe the attachment is genuine, scanning it using antivirus software is always a good idea. If you believe it to be from someone inside your network, ask them directly if they sent it because doing so may save everyone's data.
5. The Email Has Poor Spelling and Grammar
We've seen many examples of phishing emails over the years and if one thing is clear, it's that cybercriminals are terrible writers. It's surprising how frequently a phishing email can be identified by the poor language used in the message's body. These include many spelling and grammar mistakes that just seem out of place for a legitimate email. On top of that, spelling and grammar mistakes will have been thoroughly checked in emails from respectable businesses since they are often viewed through a strict process of peer review.
Phishing scams are a common occurrence in the world of email, and they often use various methods to try and fool unsuspecting victims. However, there are several red flags that you can watch out for which may help you avoid becoming a victim yourself. We've outlined five of the most common ones in this article, so be sure to keep them in mind the next time you get an unexpected email. Remember that if something seems too good to be true, it probably is, and if you're ever unsure about an email's legitimacy, contact your IT department or MSP for assistance.
Ozark Technology is a Business Technology Provider that helps organizations across the country rethink the value technology brings to their business. Want to partner with us? Let’s chat.