Last Updated on by SCARS Editorial Team

Spam and Phishing

Identity TheftIdentity Theft Identity theft is when someone uses another person's personal identifying information, without their permission, to commit fraud or other crimes. In both the U.K. and the United States it is the theft of personally identifiable information. Identity theft deliberately uses someone else's identity as a method to gain financial advantages or obtain credit and other benefits, and perhaps to cause other person's loss. The person whose identity has been stolen may suffer adverse consequences, especially if they are falsely held responsible for the perpetrator's actions. Personally identifiable information generally includes a person's name, date of birth, social security number, driver's license number, bank account or credit card numbers, PINs, electronic signatures, fingerprints, passwords, or any other information that can be used to access a person's financial resources., FraudFraud In law, fraud is intentional deception to secure unfair or unlawful gain (money or other assets), or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compensation) or criminal law (e.g., a fraud perpetrator may be prosecuted and imprisoned by governmental authorities), or it may cause no loss of money, property, or legal right but still be an element of another civil or criminal wrong. The purpose of fraud may be monetary gain or other benefits, for example by obtaining a passport, travel document, or driver's license, or mortgage fraud, where the perpetrator may attempt to qualify for a mortgage by way of false statements. A fraud can also be a hoax, which is a distinct concept that involves deliberate deception without the intention of gain or of materially damaging or depriving a victim., And CybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Alert

A SCARSSCARS SCARS - Society of Citizens Against Relationship Scams Inc. A government registered crime victims' assistance & crime prevention nonprofit organization based in Miami, Florida, U.S.A. SCARS supports the victims of scams worldwide and through its partners in more than 60 countries around the world. Incorporated in 2015, its team has 30 years of continuous experience educating and supporting scam victims. Visit www.AgainstScams.org to learn more about SCARS. Insight

Spam and Phishing

Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.

More than half of all cyber-attacks are initiated by emails. Understanding how these attacks are triggered and how to protect yourself from them is vital in staying safe online.

Malicious Email

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business.

It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.

  • If you are unsure whether an email request is legitimate, try to verify it with these steps:
  • Contact the company directly – using the information provided on an account statement, on the company’s official website or on the back of a credit card.
    Search for the company online – but not with information provided in the email.

Spam Emails

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:

  • Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blockingBlocking Blocking is a technical action usually on social media or messaging platforms that restricts or bans another profile from seeing or communicating with your profile. To block someone on social media, you can usually go to their profile and select it from a list of options - often labeled or identified with three dots ••• emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
  • Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
  • Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.

Phishing Emails

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts. and viruses.

Spear Phishing

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear-phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already a customer of the business, the email may more easily make it through filters, and the recipient may be more likely to open the email.

The cybercriminal can use even more devious social engineeringSocial Engineering Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is used as a type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests." efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam & Phishing on Social Networks

Spam, phishing and other scamsScams A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. Here are ways to report spam and phishing on major social networks:

Tips for Avoiding Being a Victim:

  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following or clicking on links sent in email.
  • Before sending or entering sensitive information online, check the security of the website. This means look for HTTPS – as opposed to just HTTP. The HTTPS means that your connection to that website is secured and encrypted.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net). .COM and .ORG are normal domains for real entities. Others may be too, but be more cautious.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using the information provided on an account statement, not information provided in an email. Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing – plus report all scamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. email addresses on www.Anyscam.com to help alert the world!
  • Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones, and tablets – up to date to reduce the risk of infection from malware.

Protect Yourself With These Tips:

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Think before you act: Be wary of communications that implores you to act immediately, offers of something that sounds too good to be true or asks for personal information. Real entities will not ask for personal information in an email.
  • Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces! Even better use a nonsense sentence that you can remember, such as “DinosaursSmokeRassberries” along with numbers and symbols “AstronautesPaintMoonRocks@2024”
  • Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
  • Lockdown your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometricsBiometrics Physical Biometrics is the use of distinctive, measurable physiological characteristics to verify an individual’s identity. Physical biometrics includes techniques such as retinal scans, fingerprints and voice prints., security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media. The easiest way to do this is by adding Two-Factor Authentication to your accounts and using the Microsoft Authenticator App on your phones – this way, when someone tries to login into an account you are notified and they can only gain access with a code from your phone.

Additional Resources