RSN™ Guide: Email Phishing Scams
Email scams, also called phishing scams, are when a cyber scammer contacts you out of the blue and tries to trick you into clicking a dangerous link or filling in your personal information or bank details.
Portions from Which.co.uk (copyrights acknowledged)
What Is A Phishing Scam?
Phishing is when a cybercriminal contacts you out of the blue (usually by email) and convinces you to hand over your personal information or money.
Email that gets you to download a virus that infects your computer is NOT a phishing scam – that is MALWARE.
Phishing is a play on the word ‘fishing’ and usually happens over email, but can also happen through texts, social media, websites, or phone calls.
Examples Of Email Scams Include:
- An email message saying you’ll be entered into a free prize draw if you enter your information
- An email message pretending to be from the IRS or HMRC telling you that you have a tax rebate, or that you owe tax
- An email message pretending to be from your bank or a popular retailer claiming there’s been strange activity on your account which requires you to re-enter your personal details
If you suspect an email might be from a scammer, do not click on any links or download any attachments in the scam email as these may download a computer virus onto your computer. Nothing in the email is believable – do not trust a word it says!
WARNING: Computer viruses can find their way onto your computer by scammers tricking you into installing them. For example, ransomware threatens to take action on your computer – such as deleting files – unless you pay a ransom.
ALWAYS IGNORE LINKS AND ATTACHMENTS
If you suspect an email might be from a scammer, do not click on any links or download any attachments featured in the scam email as these may download a computer virus onto your computer.
Make sure you stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection if you have unknowingly downloaded a computer virus after clicking a link or downloading an attachment.
How To Spot An Email Scam
Email scams, also called phishing scams, are becoming increasingly common as fraudsters come up with new tricks to try and steal your personal information and bank details.
CHECK THE ‘FROM’ ADDRESS
- It’s always worth checking the address the email comes from for spoofing. Scammers often change the sender name to make it look more like it is from the company or organisation they are pretending to contact you from.
- A scam email usually has a fairly bizarre email address behind what looks like a genuine sender name.
- To find out if there’s a fraudster behind what looks like a genuine sender, use your mouse to hover the cursor over or right-click on the sender name and you should see the email address behind it.
- Increasingly you will notice that scammers are getting better at sending emails which include your name in the first line of the message. However, not all of them do.
- Sometimes scam emails will just say “Hi” and not include your name, other times your email address will be used after “Hi”. This impersonal approach to contacting you is another sign that it’s likely to be a scammer behind the email.
CHECK CONTACT INFORMATION AND DATES
- Does the ‘contact us’ information at the bottom of the email link to anything? Is it clickable? Are the websites it links to genuine? If the answer is no, you should be on your guard. To see where a weblink links to without actually clicking on it, simply hover your mouse cursor over the link. In the bottom left-hand corner of your web browser, the web address where the link goes to will appear.
- Are the copyright dates (or any others) up to date? Often scammers will forget this detail. We came across an email scam in March 2017, which said the closing date of the competition being advertised in the email was December 31st, 2016. If you see this level of inconsistency, it’s probably a scam.
- Scam emails are often pretending to be from big brands, companies, supermarkets, retailers and deal sites or from trusted government departments.
- Checking branding and keeping an eye on the quality of branded logos, etc, in the email can strongly indicate if the email is a scam.
- Is the branding in the email the same as it is on the company or government website? Does it match the last genuine email you received from them? If the answer is no, be suspicious.
CHECK IF THE LINKED WEBSITE IS LEGITIMATE
Remember, we said not to click on a link but if you already did …
- If you have clicked through to a website or landing page from an email thinking it is genuine, make sure you also double-check the authenticity of the website.
- If it’s a big brand or company, simply open a new tab and do a quick search for them. Click on their website and then compare the URL addresses.
- Are they the same, similar or totally different? This should give you a good indication as to whether the landing page is a fake or genuine.
- If you haven’t yet clicked a link but are being asked to do so in order to access an important message on your account, avoid the temptation to act quickly and log in via the email link. Instead, open your browser and log in to your account via the official website. Check if the message is really there. If it isn’t, you know the email you received is likely to be from a scammer.
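The sender-address check, the link-hover check and the URL comparison described above can also be done by a script. This is an added example, not part of the original guide: the sample message, the domain names and the function names are constructed for illustration, and `official` is assumed to be a domain you have confirmed independently (for example from your own records).

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not a real message; ".example" is a reserved test domain.
SAMPLE = '''From: "Example Bank" <alerts@examplebank.account-check.example>
Content-Type: text/html

<p>Hi, confirm at <a href="http://examplebank.example.account-check.example/login">https://www.examplebank.example/login</a></p>
<p><a href="https://www.examplebank.example/contact">Contact us</a></p>
'''

class Links(HTMLParser):
    """Collect (href, visible text) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def belongs_to(name, official):  # exact domain or a true subdomain only
    return name == official or name.endswith("." + official)

def check_email(raw, official):
    """Return (code, detail) warnings; `official` is a domain you verified yourself."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg["From"])
    warnings = []
    if not belongs_to(address.rpartition("@")[2].lower(), official):
        warnings.append(("sender-domain", f"{display!r} is really <{address}>"))
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        shown = host(text) if text.lower().startswith(("http://", "https://")) else ""
        if shown and shown != host(href):
            warnings.append(("text-vs-target", f"shows {shown}, goes to {host(href)}"))
        if not belongs_to(host(href), official):
            warnings.append(("off-domain-link", host(href)))
    return warnings
```

The misleading link target in the sample begins with the real domain, which is why the check compares the end of the host name rather than looking for the brand name anywhere inside it.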
ASKING FOR PERSONAL OR BANK DETAILS?
- If an email is asking you to update or re-enter your personal or bank details out of the blue, it is likely going to be a scam.
- Personal information includes things like your National Insurance number, your credit card number, PIN, or credit card security code, your mother’s maiden name or any other security answers you may have entered.
- Most companies will never ask for personal information to be supplied via email.
POOR SPELLING, GRAMMAR, AND LAYOUT
- Increasingly scammers are getting better at presenting phishing emails that are more or less free of poor spelling and grammar. But, you should still watch out for these tell-tale signs.
- More common is to see a real lack of consistency with the presentation of the email, which may include several different font styles, font sizes and a mismatch of logos.
TRYING HARD TO BE ‘OFFICIAL’
- Scammers often try hard to make the email sound official. They will do this in a number of ways, including using the word ‘official’.
- You are unlikely to see the messaging in a truly official email shouting about how official it is.
- Scam emails may also contain information such as account numbers and IDs designed to trick you into thinking the email is genuine. Check any of these against your records to see if they match.
TRYING TO CREATE A SENSE OF URGENCY
- Fraudsters will try to pressure you with time-sensitive offers, encouraging you to act now or miss out on ‘exclusive’ deals.
- Take your time to make all the checks you need. If the message is alerting you to look at something linked to an account you have with the company, organization or retailer, you should log in separately to your account in a new tab or window.
- It’s better to miss out on a genuine deal than risk compromising your personal details or money.
CHECK WITH REAL COMPANY
- If you’re still unsure whether a scammer is behind the email you received, get in touch with the brand or company featured in your email directly via social media or their ‘contact us’ page.
- Remember also to check the brand or company help and customer services pages. Often big companies are aware of scams circulating and have published advice for customers on what to watch out for.
The obvious way to stay safe from Scam Emails is simply: do not do business through emails. Meaning that when you get an email from a business you recognize, simply go to their real website or call them, do not click on anything in the email. If you follow this simple rule you will always be safe!