With the rise in fraud, including sophisticated online grifts, it's imperative that people are able to recognize scams to avoid being part of an unfortunate statistic. According to the Federal Trade Commission (FTC), Americans were defrauded of around $10 billion through various scams in 2023, while the AARP reported that about 42 percent of American adults "had a personal experience with fraud."
"We are at a crisis level in fraud in society," notes Kathy Stokes, fraud prevention director at AARP's Fraud Watch Network, speaking to Voice of America (VOA). She explained that because it’s not difficult to perpetuate a scam by internet or telephone, many people are turning to this type of crime. It’s also attractive because it’s possible to make lots of money with a low risk of being caught.
Many of these scams originate from criminals overseas and are facilitated through email or phone. These are known as phishing scams.
What is Phishing?
Phishing scams involve unsolicited communication from a fraudster in an attempt to glean personal information that can be used for financial gain. In email phishing scams, criminals use spoofing techniques to make the content of the message seem as authentic as possible, generally with the goal of getting the email recipient to click a link that directs them to a fraudulent website designed to steal their information, i.e. credit card numbers, Social Security number, or passwords. These harmful sites look almost identical to the authentic site, but there are ways to recognize phishing emails and sites.
How to Recognize Phishing Attempts
Because of the frequency of major data breaches in recent years, scammers may have access to a plethora of information for select email recipients, allowing them to craft personalized messages that seem legitimate and demand an urgent response. However, there are many signs that can indicate an email is from a dangerous or illegitimate source. These include poor grammar and spelling errors, unfamiliar greetings, suspicious attachments, and unusual requests.
Emails from professional sources usually have proper grammar and are devoid of spelling mistakes. If you have received authentic emails from the company that the fraudster is posing as, it can also be helpful to review past correspondence to compare grammar, tone, and greeting. You should also look for discrepancies in domain names, email addresses, and links. For instance, if you hover your cursor over a link in the email and it shows a different web address than the text in the message, there's a good chance it directs to a malicious website.
Threats of urgency, .zip or .exe attachments, and requests for payment information are other suspicious signs that suggest an email is an attempt at phishing. Most importantly, be cautious when opening an email from an unsolicited source, especially if it includes a promise of prizes or discounts. If you're unsure, look up the official email of the alleged sender and get in contact with them to determine if they had originated contact.
Types of Email Phishing Scams
Unusual activity, PayPal, and fake invoices are among the most common email phishing scams. These all promote a sense of urgency, noting that the email recipient needs to act quickly to avoid being penalized or losing additional money. For unusual activity scams, fraudsters send emails that suggest there has been "suspicious activity" on the recipient's account, whether it be their bank or a social media platform. The urgent threat of someone else accessing their account can sometimes be enough for people to not recognize the many suspicious signs that might be in the email.
PayPal email scams also induce panic by suggesting there is a problem with the recipient's account or that it will close soon without action. They typically include the official PayPal logo and fine print that appears authentic. In fake invoice scams, criminals attempt to bill email recipients for products or services which they never received.
How to Report Scams
The FTC's report of $10 billion in fraud losses for Americans in 2023 is likely much lower than the actual figure—it’s believed many people don't report their losses. Those who have fallen victim to email phishing scams or those who would like to report phishing attempts can contact the FBI's Internet Crime Complaint Center at ic3.gov. You should also forward the malicious email to the Anti-Phishing Working Group at reportphishing@apwg.org and alert the real person or company that they are being impersonated.
Software to Protect against These Scams
Beyond educating yourself on the types and signs of email phishing attacks, you can further protect yourself by purchasing cybersecurity software that includes cloud email security and phishing simulations. Some products even offer protection for other communication channels, including Microsoft Teams and Slack. IRONSCALES, Trustifi, Material Security, and Barracuda Sentinel are among the best cybersecurity solutions to protect against email phishing.