6 Common Types of Email Scams to Watch For

Hackers are getting smarter. Gone are the days when all email scams were riddled with typos and sent en masse to anyone with an inbox. Today, scammers often send highly personal, detailed emails that appear to be coming from reputable organizations. Their messages aren’t limited to outrageous scenarios, either — Nigerian prince schemes have fallen by the wayside in favor of package delivery errors or work-related requests. Here are a few to watch out for.

Identifying Email Scams

Some scams make themselves clear right in the subject line with a deluge of emojis, obvious misspellings or inappropriate subject matter. Others are more subtle. But the vast majority of email scams are a form of phishing, where someone impersonates another individual or company to try to steal your sensitive data.

Spear phishing is the same scheme with a twist: The hackers include your personal info in the email to target you directly. In just the first four months of 2020, 4% of all spear-phishing attacks used Google-branded sites to trick people into sharing login information.

It can be hard to tell a hoax from a legitimate email when the message is directed specifically at you or appears to come from someone you know. In fact, 43% of employees working from home have made mistakes that caused cybersecurity breaches for either themselves or the company, so it happens more often than you’d think. Stay on the lookout for the following schemes:

1. Winning the Lottery

This classic email scam informs you that you’ve won a great fortune, whether by being the lucky hundredth person to visit a site or just due to someone’s goodwill. But if you didn’t buy a lottery ticket recently, here’s some bad news: You haven’t actually won anything. Any email offering a prize, whether it takes the form of money or a new phone, is almost always a hoax.

Flag the email as spam and don’t click on any links.

2. Account Confirmation

Hackers use this tactic to steal personal information. An email from a legitimate-looking source, such as Apple, Netflix or another large company, will inform you there’s a problem with your account. In order to log back in, the email explains, you’ll have to click a link and provide some information.

There are usually several tip-offs that you’re being scammed. The sender’s email address is often a misspelling of the brand name, such as Netfllix or Go0gle. The message likely contains punctuation errors or other mistakes. Additionally, most legitimate companies use a two-factor authentication system when you get locked out of your account, not a single link that lets you back in.

Go to the actual website of the account in question and see if you can log in. If you really are locked out of your account, follow the steps on the website itself, not the email.
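
The misspelled-sender tip-off can also be checked mechanically. The following is an added example, not part of the original article: it compares the sender's domain against a constructed allow-list (`TRUSTED_DOMAINS`, an assumption) and flags near-misses such as the Netfllix and Go0gle spellings above. The function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you actually have accounts with.
TRUSTED_DOMAINS = {"netflix.com", "google.com", "apple.com", "amazon.com"}

# Digit-for-letter swaps commonly seen in lookalike names (e.g. Go0gle).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lower-cased domain of a From header value, or '' if none."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, domain); verdict is trusted/lookalike/unknown/invalid."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", None)
    # Exact match, or a real subdomain of a trusted domain.
    if domain in trusted or any(domain.endswith("." + t) for t in trusted):
        return ("trusted", domain)
    # Undo digit swaps, then look for a near-miss of a trusted name.
    normalized = domain.translate(SUBSTITUTIONS)
    for candidate in sorted(trusted):
        if edit_distance(normalized, candidate) <= max_distance:
            return ("lookalike", candidate)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ('"Netflix Support" <billing@netfllix.com>',
                   "security@go0gle.com", "Netflix <info@netflix.com>"):
        print(sender, "->", classify_sender(sender))
```

A `trusted` verdict only means the domain string matches the list. The From header can itself be forged, so it does not prove who sent the message.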

3. CEO Fraud

If your boss sends an email asking you to do something right away, you’re probably inclined to follow their instructions. But look very carefully at their email address — is it legitimate?

This spear phishing scam is a form of business email compromise, taking advantage of the fact that so many business transactions happen via email. Hackers impersonate a manager or even company CEO and ask the recipient to take an important action. This could be as significant as transferring funds from the company account to another bank, or as simple as buying a gift card for a fellow staff member. The sender usually emphasizes urgency and confidentiality.

Before taking any action, ask yourself: Does my manager usually make these types of requests? Am I the appropriate person to transfer company funds? Why can’t my manager handle this situation herself?

Then, double-check with your manager to see if she sent the message. Don’t reply to the email directly. Instead, send your manager a new email or give her a call.

4. The Damsel in Distress

It’s hard to ignore someone’s pleas for help. Whether the email appears to be from a friend or stranger, this scam takes the form of a desperate sob story, such as the sender being stuck in another country, getting robbed or needing somewhere safe to spend the night.

The one thing these scams always have in common is a monetary request. The scammer will ask for funds to secure a plane ticket, bus fare or hotel room. In some cases, they may even ask you upfront to wire money to their account.

Don’t reply. If you think your friend is actually in danger, contact them directly rather than responding to the email.

5. Package Delivery

Ordering packages online has become part of daily life. This email usually appears to come from a shipping or order fulfillment company such as UPS, FedEx, the Postal Service or Amazon, informing you there’s a problem with your order. To make sure your package arrives on time, you’ll need to click a link to provide some more information.

The link, of course, either installs malware or leads to a legitimate-looking form that hackers can use to steal your data. Never click links from unknown sources. Instead, track your order — if you even placed one — directly from the source, such as by logging into your Amazon account or looking up the FedEx tracking number.

6. The Mysterious File

This email usually appears to come from one of your friends or family members, but the email address may be slightly misspelled. It often includes a phrase like, “Check this out!” or, “Is it really you in this video? How embarrassing!”

The message contains a link to what looks like a photo or video, and it preys on your natural curiosity or fear of humiliation. When you click the link, however, it may install malware on your device.

Instead of clicking the link or opening the file, reach out to the friend who appears to have sent the email. Odds are they didn’t send you anything, and you should flag the email as spam.

Stay Alert

For more examples of email scams, simply look through your spam folder. It’s likely teeming with them. Everyone receives spam from time to time, so it’s important to know what to look for.

Keep a sharp eye out for monetary requests, spelling errors, account confirmations and anything that seems too good — or too weird — to be true. And don’t be afraid to hit the delete button. After all, if you accidentally ignore a real request from your boss, you’ll know soon enough.


Zac Amos is the Features Editor at ReHack, where he covers cybersecurity topics like email security, phishing, and ransomware. For more of his work, follow him on Twitter or LinkedIn.

The views expressed in this article are those of the author and do not necessarily reflect those of StartMail.
