Identity Theft: Email Scams
Similar to phone scams, fraudulent emails attempt to gather general and sensitive information from you to steal from you. Emails can be the most dangerous entryway to your personal security. Cybercriminals include links in their emails attempting to expose your computer to viruses and malicious software, which can give them complete access to your computer files and any private material you have digitally stored.1
Many of these emails appear to be sent from legitimate companies, companies that you are already associated with, or even governmental agencies such as the Medicare office.2
The email will likely contain a forged logo that makes it look almost identical to an authentic email from that company and it may contain phrases or names used by you or within your company. In addition to being able to obtain email information, people often make themselves easy targets for hackers by posting information about themselves on social media sites, blogs and professional networks.3
Emails can start to look the same when you’re receiving several each day, but there are some telltale indicators that an email is fraudulent:
- SPELLING AND GRAMMAR MISTAKES1
Unlike legitimate companies, cyber criminals rarely have editors for their emails. This means that spelling and grammar mistakes should always be a red flag that something is not right. Many of these emails originate in countries outside of the United States, so the grammar may be off, or the text may seem translated in a way that seems unfamiliar. Another indicator would be if the formatting of the email feels off, and the spacings in the email seem shifted.
- “RECEIVED FROM” FIELD DOESN’T MATCH SENDER1
Always double check that the company name that appears in your email matches the sender. If they do not, that is another red flag that the email is forged.
- While the company’s name from which you’ve received an email will appear as the sender in your inbox, this can be forged. To test this when the email is open, check the actual email address that it was sent from. Be sure to take a discriminating look at this, especially when you’re unsure about an email’s validity. The emails are often similar but not the same as the reputable company that you are used to receiving emails from.
- GENERIC EMAIL GREETINGS2
Companies with whom you are a client will have your contact information saved. If your bank emails you with a generic greeting such as: “Dear YourEmail@(company).com” or “Dear Valued Customer,” be wary.
- DIFFERENT EMAIL USED2
If your bank usually contacts you on your work email, but sends an email to your personal account, it’s highly likely that this email is counterfeit.
Much like phone scams, email scams often prey on fear. They often threaten to close accounts or claim to be a final offer.
- FALSE LINKS2
Email scams will almost always have an external link for you to click on. These usually direct you to another web page that will then ask you to fill in personal information or download a virus onto your computer. In order to tell if a link is real or not, you can hover your mouse over the link—be sure not actually click on it—to see the real website you’ll be directed to.See below for an example: when the mouse hovers over the link, the real destination will pop up:
When it comes down to it, you can never be too cautious. If something seems off, unfamiliar, or unexpected in an email, it probably is.
If you unexpectedly receive an email—even from someone you know—it’s better to be cautious before opening the email. Some of the more savvy forms of email phishing have been dubbed spear phishing because once a hacker has gained access to your friend’s email, they will gather familiar information such as what school your children go to, to send an unexpected email to you from your friend’s email address.3 Once you open the email, the hacker can begin delving through your personal information, and repeat the process.
If you’re ever unsure, it’s best to contact the company by calling them at a reputable phone number. They will be able to confirm the validity of the email. If you find that you have received a fraudulent email, report it to the authorities at the Internet Crime Complaint Center.3 While this information can be scary, remember what mom always said: “You’re better safe than sorry.”
Arm yourselves with knowledge and stay ever-vigilant so that you can help prevent identity theft from happening to you.
1. “How to recognize phishing email messages, links, or phone calls.” What is Phishing. N.p., n.d. Web. 20 July 2014. <http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx>.
2. “Scams are sprouting with the rollout of Obamacare.” USA Today. 11 November 013. http://www.usatoday.com/story/INV2019s/nation/2013/11/11/affordable-care-act-scams/3501595/
3. “What’s a company’s biggest security risk? You.” Wall Street Journal. 11 September 2011. http://online.wsj.com/INV2019s/articles/SB10001424053111904836104576556421692299218
4. “Identifying fraudulent “phishing” email.” Identifying fraudulent “phishing” email. N.p., n.d. Web. 15 July 2014. <http://support.apple.com/kb/HT4933>.
5. “Federal Deposit Insurance Corporation.” FDIC: Phishing Scam. N.p., n.d. Web. 20 July 2014. <http://www.fdic.gov/consumers/consumer/alerts/phishing.html>.