In 2023, according to the Phishing Report by Zscaler ThreatLabz, the United States, the United Kingdom, and India experienced the highest volume of phishing scams, with the United States being the most affected by these attacks. This increase was due to the larger population of internet and technology users in the U.S., and the growing use of online financial transactions.
In this post, we’ll explain how scam emails and messages work, show you how to spot them and what to do if you get a fake email or message through social media. Additionally, we’ll give you some tips for protecting yourself in the future.
What are Scam Emails and Scam Messages?
Scam emails and messages are fake communications that scammers use to steal personal information such as passwords and account numbers, often by tricking you into clicking malicious links that lead to fake websites. These messages often impersonate trustworthy entities, such as banks, payment providers, or other services. For example:
From: customerservice@popularbank.com
Subject: Urgent Action Required: Verify Your Account Information
Dear Customer,
We have detected several suspicious login attempts on your account in the last 24 hours. To protect the security of your account, you must verify your information immediately.
Please click the link below to verify your information: Verify My Account Now
If you do not complete this verification within 24 hours, we will be forced to suspend your account access to protect your personal information.
Thank you for your understanding and cooperation.
Sincerely,
Customer Service
Popular Bank
This phishing email shows tricks like using urgent language, fake sender addresses, and false links to make people share personal info fast without checking. Real banks never ask for information through email links.
How to Spot Scam Messages and Emails: 7 Warning Signs
Recognizing the warning signs for scam messages and emails is important, especially since phishing attempts have seen a 58.2% year-over-year increase globally, according to Zscaler ThreatLabz. Some warning signs are:
1. Generic or Mismatched Greetings
Phishing scams often use vague or incorrect names in greetings to cast a wide net, avoiding personalized salutations that require specific target information.
- Example: An email starts with “Dear User” instead of using your actual name, indicating a generic template sent to many people.
2. Offers Too Good to Be True
Scammers use over-the-top promises to grab your attention and prompt impulsive actions, luring recipients into clicking malicious links or providing confidential information.
- Example: An email claiming you’ve won a lottery you never entered, asking you to click a link to claim the prize.
3. Poor Grammar and Spelling Errors
Grammatical mistakes and spelling errors in scam emails typically indicate rushed creation and a lack of professional attention to detail, characteristics not commonly associated with legitimate and trusted entities.
- Example: An email from your ‘bank’ with several spelling errors, such as “We have detected suspicious activity on your account.”
4. Requests for Urgent Action or Personal Information
Scammers create a false sense of urgency or immediate risk to pressure the potential victim into providing sensitive information quickly, without verification.
- Example: An email stating, “Act now to prevent your account from being permanently closed,” urging you to provide login details immediately.
5. Inaccuracies in Email Addresses, Links, and Domain Names
Phishing messages may include email addresses, links, or domain names that are similar to, but not the same as, those of legitimate entities, to deceive the recipient.
- Example: Receiving an email from “support@app1e.com” instead of “support@apple.com.”
6. Suspicious Files or Demands to Open Them
These file attachments are often unexpected and may contain malware designed to steal personal information or damage the recipient’s system upon opening.
- Example: An email from an unknown sender with an attachment named “Invoice.pdf” that you were not anticipating.
7. Warnings That Use Scare Tactics
Scammers use threatening language to create fear, compelling the recipient to provide personal information or make a payment to avoid supposed negative consequences.
- Example: An email warning that your account will be suspended within 24 hours if you don’t click a link to verify your identity.
What to Do if You Receive a Scam Message or Scam Email?
When you receive a potential scam message or email, taking the right steps can help you protect your information and prevent potential risks. Here’s an easy-to-follow guide on the steps to take:
1. Avoid Interaction with the Suspicious Message
Do not click on any links, open any attachments, or follow any instructions given in the message. Even replying to the email can alert scammers that your email address is active, which might lead to more targeted attacks in the future.
2. Check the Sender’s Details on Social Media
When you receive a message or notification about your account on social media, always double-check the email address, profile, or phone number of the sender. Scammers often use addresses that look very similar to official support accounts, but they aren’t legitimate.
For example, emails related to your Facebook or Instagram account will only come from domains like fb.com, facebook.com, instagram.com, support.facebook.com or meta.com. If the sender’s details don’t match, it’s likely a scam.
3. Be Cautious of Requests for Sensitive Information
Fraudulent links and requests can come through various digital platforms, including emails, direct messages on Instagram, or chats on Messenger. Remember that official representatives from Meta will never request your password, payment information, or any other sensitive details via chat or email. If you receive such a request, it’s a strong sign of a scam.
4. Increase Email Filters and Security Measures
Review and adjust your email settings to strengthen filters that block phishing emails and spam. Consider installing or updating robust security software that can offer real-time protection against new and growing threats. For businesses, reviewing IT security measures and partner relationships might be necessary to support defenses against advanced scams.
5. Report the Scam
Report the phishing attempt to the appropriate authorities. If you’re in a work environment, notify your IT department, as they may have specific protocols to handle such threats. For personal accounts, email services like Gmail have options to report phishing directly from the message: look for a report button or use the help menu to find how to report security issues.
6. Delete the Email or Message
After reporting the phishing attempt, delete the email from your inbox. Also clear it from your trash or deleted items folder so that it’s completely removed from your account. This helps prevent accidental interactions with the message in the future.
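The sender check from step 2 and the lookalike addresses from warning sign 5 (“app1e.com” instead of “apple.com”) can be automated. The following Python is an added example, not part of the original article; the character swap table, the one-typo threshold and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Domains the article names: Meta's sending domains and apple.com from warning sign 5.
TRUSTED = {"fb.com", "facebook.com", "instagram.com",
           "support.facebook.com", "meta.com", "apple.com"}
# Constructed, non-exhaustive map of characters swapped in lookalike domains.
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def sender_domain(from_header):
    """Return the lowercased domain of the address in a From header, or ''."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header):
    """Return (verdict, matched_trusted_domain) for a From header value."""
    dom = sender_domain(from_header)
    if not dom:
        return ("unparseable", None)
    if dom in TRUSTED:                      # exact match only, never substring
        return ("listed", dom)
    unswapped = dom.translate(SWAPS).replace("rn", "m")
    for good in sorted(TRUSTED):
        if unswapped == good:               # app1e.com -> apple.com
            return ("lookalike", good)
        if dom.startswith(good + ".") or dom.endswith("-" + good):
            return ("lookalike", good)      # trusted name embedded in another domain
        # Short names (fb.com, meta.com) have too many innocent neighbours.
        if len(good) > 8 and edit_distance(dom, good) == 1:
            return ("lookalike", good)      # one typo away, e.g. facebok.com
    return ("unlisted", None)

# Constructed sample headers (not taken from real mail).
SAMPLES = ["Apple Support <support@app1e.com>", "Facebook <security@facebook.com>",
           "Meta <notice@facebook.com.account-review.example>",
           "Instagram <help@instagrarn.com>", "Newsletter <news@example.org>"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{classify(h)[0]:<10} {h}")
```

A “listed” verdict only means the displayed address uses one of the named domains; the From header can be forged, so it does not prove the message is genuine.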
How to Protect Yourself from Future Scam Emails and Messages?
According to Zscaler ThreatLabz, the top five target sectors for phishing scams were finance and insurance, manufacturing, services, technology, and retail and wholesale. It is important that all people and institutions within these sectors protect themselves and prevent future attacks. Some techniques to protect yourself from future phishing attacks include:
1. Think Carefully Before Responding to Requests
Always pause and reflect before responding to unexpected requests for information. Scammers often depend on the element of surprise to prompt a hasty reaction. If an alert from a bank or similar institution comes via email, open a new browser window and type the website address directly rather than clicking on any links provided.
2. Use Direct Methods to Verify Suspicious Messages
If you receive a message that seems out of the ordinary, do not hesitate to verify its authenticity by contacting the organization directly through official channels. Look up the company’s phone number or official email address from their website, rather than relying on any contact details given in the suspicious message.
3. Keep Software and Systems Updated
To protect against the latest phishing techniques, it’s critical to keep your operating system, browser, and all security software up to date. Updates typically include patches for security vulnerabilities that scammers exploit to gain unauthorized access to systems.
4. Set Strong Spam Filters
Activate robust spam filters to help sift out potential phishing emails. Additionally, be wary when deciding to unsubscribe from suspicious emails; spammers often use ‘unsubscribe’ links to confirm active email addresses. Instead of clicking ‘unsubscribe’, mark the message as spam.
5. Learn How to Spot Real Messages
Familiarize yourself with the typical communication styles of the companies you deal with. Legitimate companies will rarely ask for sensitive information through insecure platforms like email. Be cautious of messages that use a generic greeting or contain multiple grammatical errors, as these are potential indicators of phishing attempts.
6. Create and Maintain Separate Email Addresses
Use a separate, private email for personal correspondence and another for public interactions like forums or subscriptions. This can help shield your main email address from spam. Changing your public email frequently can also help reduce the risk of spam accumulation.
Spot Scam Emails and Scam Messages with CDN
As we rely more on services and apps to communicate, phishing attacks are likely to keep growing across various sectors. However, being able to recognize what a fake message or suspicious email looks like, and knowing how to respond, can make a big difference in how users manage their digital presence and protect themselves from these threats.
Remember to always verify through direct, reliable sources, and never respond impulsively to unsolicited messages asking for personal information. Additionally, explore Cryptoscam Defense Network for valuable resources and a community that helps keep you safe in your digital interactions.
Frequently Asked Questions (FAQs) about Spotting Scam Emails and Scam Messages
Are There Any Automated Tools to Detect Fraudulent Emails and Messages?
Yes, there are tools available to detect fraudulent emails and messages. These tools help protect businesses by analyzing and identifying potential threats. Some popular options include:
- Mimecast: Offers protection against malicious links and attachments, using advanced sandboxing technologies to neutralize threats.
- Valimail: Offers free tools to help configure and manage DMARC for email authentication, increasing security and trust in your email communications.
- Microsoft Defender for Office 365: Integrates seamlessly with Office 365 to offer phishing detection, user training, and detailed threat analysis.
- IRONSCALES: Augments existing email systems by dynamically detecting suspicious emails and offering user training to recognize phishing tactics.
- Avanan: Uses AI to analyze emails for phishing threats, assesses relationships between senders and receivers to establish trust, and extends its protection to communication tools like Teams and Slack.
- Barracuda Email Protection: Focuses on defending against all phishing types and includes advanced features like DMARC analysis for brand protection.
- Outseer FraudAction: Includes comprehensive anti-phishing measures, site shutdown capabilities, and the strategic use of decoy credentials to trace and counteract phishing operations.
- KnowBe4: Draws on the expertise of renowned hacker Kevin Mitnick to offer top-rated employee training and a sophisticated response platform for phishing incidents.
- BrandShield: Protects corporate brands and executives by monitoring the internet for misuse and counterfeit sales, adding a layer of security against brand-related phishing scams.
- Cofense PDR: Combines AI with professional oversight, providing a managed service that responds to phishing threats in real time with robust defense mechanisms.
What to Do If You Accidentally Share Personal Info with a Scammer?
If you accidentally give personal information to a scammer, it’s important to act quickly and follow these steps based on the type of information you disclosed:
1. For UBITName Password
- Immediately change your password. If you use this password on other accounts, change those as well to new, unique passwords.
- Report the phishing attempt to the appropriate authority within your organization or platform where the breach occurred.
- Check if this phishing attempt has been reported already; if not, make sure to report it.
2. For Bank or Credit Card Information (Account Number, Password, or PIN)
- Immediately call your bank using the hotline number usually found on the back of your bank card.
- Report the incident to the local police if you have transferred money to a phisher.
- Regularly inspect your bank statements for any signs of unauthorized transactions.
- Consider setting a lock on your credit records to prevent new accounts from being opened in your name.
- Visit your bank’s website and follow their guidelines on fraud, phishing, or identity theft.
3. For Social Security Number
- Place a credit freeze on your reports with all four credit bureaus to prevent credit card fraud. This action stops the opening of new credit card accounts.
- Review the Social Security Administration’s recommendations on how to handle identity theft involving your Social Security Number.
- Notify the Federal Trade Commission (FTC), as they are the national consumer protection agency working to prevent fraud and protect consumers.
How Do I Report a Fraudulent Email to the Authorities?
To report a fraudulent email to the authorities, follow these steps:
- Submit the Email: Send the phishing email to the Anti-Phishing Working Group at reportphishing@apwg.org. This group, which includes ISPs, security companies, banks, and law enforcement agencies, is committed to combating phishing and can assist in addressing the situation.
- Notify the Impersonated Entity: Contact the company or person who was impersonated in the phishing email. Letting them know about the scam can help them warn other potential victims.
- Report to the FTC: File a complaint with the Federal Trade Commission (FTC) by visiting FTC.gov/Complaint. The FTC handles cases of fraud and phishing and can take further action based on your report.