October 25, 2018

Trick or Treat: Can You Spot an Email Scam?



Phishing scams and other email fraud are being dressed up in many ways these days. Victims are often lured in by the promise of a sweet pay-off... but these scams are a lot more trick than treat.

Email scams are scary – and sneaky – attempts by cyber criminals to steal your money, to get you to share confidential and personal information, and to install malware on your computer.

Phishing scams helped cyber criminals steal a total of $172 billion from 978 million consumers in 20 countries, according to a 2017 Norton report. In the United States alone, 143 million consumers were tricked and became victims of cyber crime.

 Don't Get Tricked by These Five Common Email Scams

  1. “Payment Failed, Update Billing Information” A known organization contacts you to complete a validation process immediately, or an account (such as Netflix) will be canceled. Alert: This is a classic phishing scam that looks legitimate (including recognizable logos) and uses a sense of urgency to get you to follow instructions and ‘fix’ the problem. But there is no problem, and clicking on the embedded link will lead to a fake website. Action:  Real institutions never ask for confidential information by email. Check the legitimacy of any email from a financial or commercial institution. Ignore and delete.
  2. “Someone Sent You a Gift Card” The email is addressed to you and packaged to look like a gift. It looks real with appropriate images and provides a link so you can pick up the card.  Alert: Seasonal scams like this are popular (at tax time, the IRS is spoofed). The holiday gift card scam links to a site designed to steal data. Action: Never open an attachment or follow a link in an email – without checking the sender first. Point the cursor at the ‘click here’ link without clicking to display the address of the website. Make sure it’s correct. If not, delete. 
  3. “Urgent CEO Request” You receive a work email from a high-level executive requesting the immediate transfer of funds or sensitive data. Alert: This is a Business Email Compromise (BEC) scam. An attacker is impersonating the executive and counts on the recipient to be unsure about questioning a higher up. The transfer is actually sent to the attacker. Action: While the IT department should flag all suspicious emails, individuals should verify email requests over a different channel, such as in person or over the phone. Use a second form of verification for wire fund transfers.
  4. “Receive a $2 Million Reward” The email, claiming to be from a wealthy person in Nigeria, tells a sad tale about ‘trapped’ funds – and promises a large payment if you help get the money out of the country.  Alert: This scam originated in Nigeria but now can be from anywhere in the world. Personal bank account details are often required, and you will be asked to pay various legal and other fees upfront – but you will never see any money. Action: Look closely at grammar and spelling – there are often glaring mistakes in these and other phishing scams. Ignore and delete.
  5. “Help Disaster Victims” The phishing email asks for money to help victims.  Alert: Disaster relief scams appear after major disasters and contain links or attachments that direct users to a malicious website. Action: Go directly to the website of the charity you know and contribute there.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.