By: Cassie Phillips, Technology Blogger at Secure Thoughts
The vast majority of security breaches are not caused by an astoundingly skilled hacker; they’re caused by scammers. These malicious social engineers try to trick people into giving them information that is valuable in itself (such as credit card information) or could lead to a treasure trove of data to be sold on the black market (think of the verification information to a server containing customer data).
Many scammers prefer to use email as their main method of attack because it’s a common platform and it’s difficult to determine the true sender (all you have is an email address and the text itself). Who is to say that someone didn’t hack your colleague’s email, thus explaining the odd request for information sent this morning? Other attacks use convincing language to try and elicit an emotional response. For these reasons, you should learn not to trust any email by itself and to be critical of what comes in your inbox.
Here are some questions that you need to ask yourself if you are suspicious about an email sent your way:
Can You Double Check with the Sender?
Did you receive an email asking for some personal information or money? Perhaps it is from a friend who says they’re travelling and in a bind. Maybe it is from a colleague who says they’re collecting data for a project they can’t really talk about. The email address is certainly theirs, but something seems off.
The easiest way to determine if the email is part of a scam by a social engineer is to ask questions that only the person supposedly sending the email could answer. If they back off when you ask for such verification, it was probably a scam. Another way to identify email scams is to examine the hyperlinks. When you hover over links, your mail client should have some way to display the link’s destination. If the URL’s domain and top-level domain are suspicious, don’t click on it!
And as always, have your anti-virus program running in the background when you check suspicious emails, as it will most likely stop malicious websites and programs from loading.
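The hover check above can also be done mechanically on an email's HTML body. The sketch below is an added example, not something from Secure Thoughts: it flags links whose visible text names one site while the underlying destination is a different host, including the look-alike case where the trusted name is only a prefix of the real domain. The function names and the sample domains are made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(value, assume_http=False):
    """Hostname of an http(s) URL, or None if the value is not one."""
    value = value.strip()
    if assume_http and "://" not in value:
        value = "http://" + value      # visible link text often omits the scheme
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    host = parts.hostname or ""
    ok = parts.scheme in ("http", "https") and "." in host
    return host.lower() if ok else None

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return (href, reason) for links whose visible text names another site."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        # Only single-token text such as "www.bank.example" is treated as a URL.
        shown = host_of(text, True) if len(text.split()) == 1 else None
        if real and shown and real != shown and not real.endswith("." + shown):
            findings.append((href, f"text shows {shown}, link goes to {real}"))
    return findings

# Constructed sample body; every domain here is a reserved placeholder.
SAMPLE = (
    '<a href="http://www.bank.example.login-check.test/verify">www.bank.example</a>'
    '<a href="https://www.bank.example/help">bank.example</a>'
    '<a href="http://mail.example.test/unsub">Unsubscribe here</a>'
)
```

Only the first sample link is reported: its text reads `www.bank.example`, but the host that would actually load ends in `login-check.test`.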
Does it Look Mass Produced?
There is no such thing as the artisanal scammer, slowly crafting each scam email to be personally tailored to you or your specific circumstance. Most successful scammers make their living through quantity of attempts instead of quality of scams. To separate the legitimate emails from scams, you need to note the particulars in the language. Take a look at the following:
- Are there any spelling or grammatical errors? Scammers often make mistakes like these as they tend not to thoroughly check their emails.
- What about pronouns? Are specific names used? If not, you should raise your level of suspicion, especially in a longer email.
- How is the formatting in the email? Does it have odd indentations, line breaks or inconsistent line spacing? Improperly formatted emails are more likely to be mass-produced.
- Does it ask you to click a link that has a suspicious URL destination (remember the hover tactic!)? Is the email insistent that sending information or money is the only solution to a problem and the link is the best way to provide it to them?
Could Your Email Address Have Been Compromised or Leaked Recently?
Social engineers rarely just pull your email address out of thin air. They will check databases and lists of emails collected by both legitimate and illegitimate organizations. If you get an email that doesn’t seem right, try to remember if you’ve given out your email address to anyone lately. Did you sign up for a newsletter or giveaway? Did you access a public network on which your information could be taken? Have there been any alerts of security breaches at a company that has your email address?
This is an important lesson on protecting your privacy, so you don’t have to worry about these types of online threats. Take measures to have the proper security programs (e.g., password managers) on your devices and don’t give out your email address to anyone who asks for it. You will also want to consider using a well-reviewed and high-quality Virtual Private Network (VPN), which is a service that will connect your devices to an offsite server using an encrypted connection. This will protect you from hackers on public networks who can intercept your data to use in scams later on - if they don’t get enough to steal your identity in the first place. Internet security is an area where preparation helps a great deal.
Email scams change over time. They might try and use different rationales to persuade you to part with your money and information. Do not give in or be tricked by these social engineers. Services that filter out junk email are improving at a rate faster than scammers can improve their methods, so there is hope. Just ask the questions above and err on the side of caution, and your chances of becoming a victim will be next to nothing.
Do you have any other thoughts on email scams and defending yourself from them? Do you have any interesting stories to tell? Please leave a comment below, as we’d love to hear your words on the matter!
About the Author: Cassie Phillips is a technology blogger for Secure Thoughts, an excellent resource for internet security tips. Cassie often writes about tech news, data privacy and online safety.