Email can quickly get out of control. With so many websites demanding that you make accounts or link your email, your inbox can get out of hand with hundreds of extraneous messages. While a high volume of messages is certainly annoying, some of those messages may actually be dangerous.
Scams are something anyone browsing the internet should be cautious of. In the past, we’ve covered phone scams, crypto scams, package delivery scams, and phishing scams (in 2020). These scams may differ in how they attempt to “rope you in,” just as a fisherman uses different lures to catch fish. It’s no wonder, then, those email scams are called “phishing.”
What is phishing email?
Phishing scams are trying to get money or information out of you illegally by luring you in with false promises. This type of fake email often promises a lucrative deal, offer, or money-making opportunity to get your attention. They then attempt to steal your money and/or information in exchange for … ultimately, nothing. Email fraud can happen across just about any information channel, including email.
Common email providers such as Gmail offer built-in smart features that catch common email spoofs, such as this one supposedly from Harbor Freight. It has plenty of examples of phishing email red flags.
What is spam email?
A lot of advertising messages you receive via email aren’t scams. Instead, they’re legitimate email offers and messages, often becoming spam. Spam messages are annoying notifications that companies send you in order to try to get your attention focused on their product or service. They aren’t trying to steal your money, but rather get you to buy something from them. If a message is spam, you can tell the company to stop sending you messages by unsubscribing. If an email doesn’t allow you to unsubscribe, it’s probably a scam or phishing email.
How do you know if an email is a phishing attempt? Can you prevent these types of messages? In this article, we’ll be going through everything you need to know about email scams and how to avoid them.
Email Phishing
Unfortunately, phishing messages are hard to avoid. Scammers can get hold of your email in a lot of ways. They may have obtained it through a mass information leak or another means that you have no control over. In any case, be careful about who and what you share your email with. At the risk of stating the obvious: You can reduce the number of phishing emails you receive by being cautious about who has access to your email address.
If you’re suspicious about an email you receive, never click any links or download files attached to the message. Scammers will include links to websites that may download dangerous files or otherwise compromise your computer. Sometimes, scammers will downright attach dangerous files to their email messages. If you’re not sure who’s on the other end of a message or they seem suspicious, don’t engage with them.
If you’re looking to understand what makes a message suspicious, next are tips for spotting phishing scam emails.
1. Bad grammar/ broken English
Many phishing messages are created by scammers outside of the US who may not be as familiar with the English language. Phishing emails often have poor grammar, spelling and vocabulary, and they won’t look very professional. Legit companies put far more effort into making the messages they send you look clean, well-formatted, and make sense. Legitimate emails will rarely have typos and misspellings.
2. Urgency/time-sensitivity
Scammers often rely on fear and urgency to trick people into making quick poor decisions. Their messages will create a false sense of urgency with claims such as a limited-time prize or extremely dangerous security alert. These messages are meant to make you feel panic and stress so that you make an irrational decision. If you see an “urgent” message from a source you’re not aware of, calmly and slowly assess the message to see if it’s legitimate.
3. Suspicious email address
Phishing emails will often come from email addresses that look strange or mimic legitimate company emails. For example, a phishing email may have a bunch of nonsensical numbers in it, or come from outside of the country. A phishing email address may also look legitimate at first glance, coming from your bank, for example. But it will contain a hidden character or wrong letter that marks it as an illegitimate message. It might also contain variations of a bank’s or business’s name within the email address. Or, it will simply come from a non-professional email address:
We were able to identify that the above email was fake, not only because it’s not something we purchased, but also because it came from a Gmail address. If this were a legitimate invoice for services from Best Buy’s Geek Squad, it would have had a Best Buy business email address. (This isn’t to say that all Gmail addresses are fake — many small businesses use Gmail for invoicing! But large corporations like Best Buy do not.)
2023 Email Scams to Look Out For
COVID-19 ’empowerment fund’
Taking advantage of recent events, scammers may try to entice you to give out your information in order to receive a portion of a “global empowerment fund” that doesn’t exist. Scammers may ask for your bank information or personal info in order to steal money from you. These types of scams where an amount of money is offered for free aren’t new — scammers are just using COVID to try to trick their victims.
Pig butchering
We covered this oddly named scam in our crypto scams article. In this, the scammer will try to build a long-term friendship or romantic relationship with their victim. They will then tell them about a secret or exclusive investment opportunity involving cryptocurrency. Be cautious about any emails where a complete stranger is trying to be overly friendly with you and cut off all contact with a stranger who tries to sell you on an investment opportunity.
Student loan forgiveness scam
Another case of scammers taking advantage of recent events, a student loan forgiveness scam involves a false opportunity to consolidate or forgive loans. The scammer will send a message from a legitimate-looking address claiming to speed up the loan forgiveness process with a small fee. They may also attempt to get your Social Security number and other financial information. Information about student loans will only come from your loan servicer or directly from the government.
Amazon imposter emails
Scrutinize those email addresses, because sometimes it may not actually be Amazon contacting you. Scammers will create emails that match the format and language of an official contact from Amazon about an order you’ve made. The scam may involve informing you about an issue with an order or account. They will then trick you into clicking a link in the email and obtaining your login information. If you get a suspicious message from “Amazon,” take a closer look at the sender’s email address. Don’t click links. Instead, log into your Amazon account to check if there are any messages to your account.
What Do I Do If I Spot a Scammer?
- Don’t click links within suspicious emails.
- Use your email provider’s built-in tools to mark email as junk or spam, if it didn’t automatically do so.
- Try forwarding your email to a government site that tracks hoax emails (see below). Don’t expect a personal reply; these services are inundated with reports.
- If you’ve received a suspicious email from a known brand (Microsoft, Target, Walmart, Chase Bank for example) forward the email to their fraud-reporting desk. You can typically find this by searching for “report fake email + name” or “name + phishing email.”
- If you have been personally attacked or tricked out of personal information or money, contact your local law enforcement. Keep records of communications between you and the fraudsters.
If you’re receiving these types of scam emails, you can report fraud emails to the Federal Trade Commission. The FTC has report lines for emails, texts, and other phishing attempts. Because there are so many scams out there, it’s sometimes difficult to know exactly who to contact and what to tell them. USA.Gov has a helpful guide that will point you in the right direction depending on the type of scam you’ve encountered.
If a scammer reaches out to you directly and the threat feels present or immediate, contact your local police to report them.
To avoid scams entirely, we recommend using an email service that filters out spam and potential scams. Microsoft Outlook and Gmail will both have separate inboxes for messages that are marked as potential scams. Unsubscribe from unwanted emails to ensure your inbox is clean and clear of spam.
One more way to know if an email is real or a hoax
We have been experimenting with a free service called Isthisphishy.io. Forward suspicious email to [email protected], and within 2 minutes, you’ll get a response. IsThisPhishy appears to use artificial intelligence to scan and analyze emails because we’ve gotten responses from them in mere seconds. We’ll close this article with screenshots from our IsThisPhishy tests. The first analyzed email appears to be legit, and the second appears to be suspicious.