When it comes to online scams, the phishing email scam is probably the most common and well-known type of scam. You may think because it’s been around for so long, you can’t possibly fall for a phishing email. However, with the increased sophistication of cybercriminals, it can be difficult to tell the difference between a legitimate email from a reputable company from an almost identical carbon copy scammer.
The scam goes something like this:
You’re checking your email when you come across an email from what looks to be your bank telling you that your account has been locked due to suspicious activity or some other urgent reason. The email subject gets your attention, so you open the email to see what’s going on. The email format looks like it’s legitimately coming from your bank and it includes a link to unlock your account. You decide to click the link to unlock your account and figure out what’s going on, but after putting in your credentials, you’re redirected or nothing happens on the site.
Confused, you go back to the email to make sure all of the steps were done correctly, but find that the email address is not one that originated from your bank. Now you’ve sent your bank account login information to an online scammer and they’ve changed your password.
How do phishing scams get your email address?
Scammers will use email harvesting to collect mass amounts of email addresses to simultaneously send phishing emails to. Email harvesting is typically done by the scammer using bots to spider a website and collect any email addresses that are found. They will also use email harvesting to build up their contact lists so that they can sell them for profit.
How to spot phishing email scams
Depending on the level of sophistication of the cybercriminal, a phishing email scam may be hard to spot. Here are some tips to spot a phishing email scam in your inbox:
Tip #1: Does the context of the email make sense?
If your bank account was locked for suspicious activity, would they really only send you one email about it? No, likely your bank would use a variety of methods to contact you about your account. Additionally, they’re not going to come out and say why the account is locked because even though it’s going to your email, that’s sensitive information.
If you receive an email like this, even if it looks legitimate, call your bank, financial institution, or other company to confirm that they actually sent that email.
Tip #2: Check the sender’s email address.
Who sent the email? If it’s a legitimate email from a company, you should be able to verify that email address through the company or on their website. Even if the email address looks legitimate at first glance, take another look. Oftentimes phishing email scams will contain emails that look almost identical to a legitimate company email. For example “email@example.com” vs “firstname.lastname@example.org”.
Tip #3: Check for spelling and grammatical errors.
Read carefully through the email to look for spelling and grammatical errors. Spelling errors and grammatical errors are classic hallmark signs of phishing email scams. The scammer’s goal is to make as much money as possible, they’re not hung up on the small details if not many people notice them.
Tip #4: Look through prior emails from the company.
Scammers will try to make an identical carbon copy of emails from legitimate companies to use for phishing scams. However, there are often slight differences you can find that will alert you of the potential scam. Is the color scheme a bit different? Is the email formatted in a different format? Is the logo design a bit off? Is the company suddenly creating a sense of urgency in their emails for no reason?
The best way to protect yourself from phishing email scams is to learn about the ways to spot them and to never click on any unknown links. If you receive an email that you suspect is a phishing email scam, do not click any links within the email, do not reply, simply contact the company that sent you the email directly to confirm it is legitimate. Use caution when receiving emails from new companies and always make sure to verify the sender before clicking any links within an email.
Have you been impacted by a phishing email scam? Active Intel Investigations offers two different tiers of online scam investigations to meet the needs of your case.
Want to discuss your case with a private investigator? Schedule a private, no-obligation consultation with a private investigator through TelaClient.com.