Despite the best efforts of security researchers, too many people are still falling prey to a wide variety of email scams every day. Whether it’s those “get rich quick” schemes or cleverly designed emails to make it look like legitimate communications from your credit card provider, it can be difficult to tell what’s real.
We believe that the best defense against email scams is knowledge. Understanding what to look for and what to avoid is key. While our inbox spam filters have gotten better, you should by no means expect them to be foolproof.
So what can you do to protect yourself?
Know the signs
Security firm ZoneAlarm gives tips to avoid being the victim of a phishing email scam. The first thing to look for is improper spelling or grammar. Legitimate companies will go through multiple edits to ensure that an email looks professional. The scammer won’t: They just want your personal information.
Another thing to look for is a request for immediate action. It may ask you to “Open Immediately,” or say “Immediate Action Required.” If a company is trying to get a hold of you in short order, they’ll likely rather want to talk to you in person or over the phone.
If you still can’t tell and the email looks like it may just be legitimate, it doesn’t hurt to log in to your account to double check — especially if it claims issues with your account. Typically a company will put an alert on your member portal as well if it’s truly an issue.
Know the types
Now that you know the basic signs of a phishing email, understanding the different types is key. Security firm SecurityMetrics splits email phishing scams into 10 different common categories:
- The Government Scam: These emails are made to look as if they come from government agencies, such as the IRS, FBI, or CIA. Believe us, if they want to get a hold of you, it won’t be through email.
- The “Long Lost Friend”: This scammer tries to make you think that you somehow know them, but might also be a contact of yours that was hacked. If you get a weird request for money, give them a call first.
- The Billing Issue: These emails typically come in the form of legitimate-looking communications. If you catch one of these, log into your member account on the website or call the call center. Don’t ever send information through email.
- The Expiration Date: A company claims you have an account that is about to expire, and you need to sign in to keep your data. Again, sign in directly to the member website instead of clicking on a link in the email.
- You’re Infected: A message claims you’re infected with a virus. Simple fix here: Just run your antivirus and check.
- You’ve Won: Claims you won a contest you never entered. You’re not that lucky; just delete it.
- The Bank Notification: An email claiming some type of deposit or withdrawal. If it so happens it’s somebody pretending to be your bank, again, give them a call to be safe.
- Playing the Victim: These emails make you out to be the bad guy and claim you hurt them in some way. It’s hard to believe though that they wouldn’t want to settle it in person or through more legal means, no?
- The Tax Man: These emails pretend to be the IRS, claiming you owe money. The IRS will not contact you via email on these issues. Delete these and move on.
- The Security Check: A very common phishing scam where a company just wants you to “verify your account.” Companies will not ask you to do this via email typically. Go to the company’s website to see if it’s legitimate.
Know how to protect yourself
The easiest way to protect yourself is to not open those suspicious emails. But we all know that’s way more easier said than done, and mistakes happen. Security software provider Norton says the best way to prevent being a victim is to never give out personal information via email and to be wary of requests for general information.
In addition, never submit information via forms embedded in email messages or use links within emails to proceed to supposedly “secure” sites. Take the extra step of entering the URL in your web browser instead.
Finally, install antivirus software. Most modern antivirus also includes tools to prevent you from transmitting information to these suspicious sites in case you do so in error. Having a second line of defense can make all the difference.