Email is a common platform for scams of all kinds. An email that pretends to be from the Social Security Administration is a phishing scam. The email that urges you to download malware might be the start of a ransomware attempt. Other email messages are less threatening but annoying nonetheless. Have you ever clicked on an email only to find it sends you to a completely unrelated site trying to sell you something?
It is critical to protect your email account with a strong, unique password and two-factor authentication. A hacker who gains access to your email account may be able to change all of your account passwords! See the password module for more information.
Email is not a secure form of communication!
Email is not considered secure! It is not safe to transmit sensitive information like passwords or account numbers in an email. No legitimate company or organization will ever ask you to send personally sensitive information, like passwords or account numbers, in an email. (Note: there are specialized encrypted email programs that can be used for confidential information, but they are different from your normal email.)
Typical email scams
Scammers can easily take on fake personas using email (see phishing module). They can choose any name to appear as the sender, the so-called “friendly name.” The subject line can be completely unrelated to the content of the message, and the email can contain dangerous attachments or links. The danger is less in the email itself than in reading it and following any instructions to click or download something within the message.
- Messages with attachments. Email messages may have attachments that a scammer hopes that you will download. These attachments may contain viruses or malware.
- Links. Email messages often have links that, when clicked, lead to websites that will try to steal personal information. Links can look legitimate even if they aren’t. Hover over a link (or touch and hold) to see a link’s actual destination address.
- Phone calls. A message may ask you to call a number. Be cautious about phone numbers included in an email message. Always verify or look up the number yourself.
This email message has it all. The subject line references the current pandemic and the fear surrounding infection. The scammer hopes you’ll be interested in the topic and click the link. Expanding the sender information shows a completely unrelated originating website (attendtraditionalpart-timeprograms) that sounds like a scammy sales site. Gmail filters recognized the links in the email as leading to a site known for identity theft.
Don’t forward that spam!
Friends forwarding spam help spread malware and viruses. Pictures of cute kittens are sometimes dangerous! Just because an email comes from a friend doesn’t mean it is safe. Your email provider and your anti-virus program can spot most of these threats, so pay attention if your email is flagged as suspicious or dangerous.
How to Spot Spam Emails
It’s cheap and easy to send millions of spam email messages. You need to always be on guard for any message asking you to take some action, especially clicking on a link or picture. That link could lead to a dangerous website or start a download of malware to your computer. Here are tips for recognizing spam.
- Unknown sender. Do you recognize the sender? Remember to look at the sender’s address, not the sender’s name. A name can be made up. Are you expecting the communication?
- The domain doesn’t match. Check the domain name for a match to the sender. If the sender pretends to be from your bank, but the sender’s domain is from a discount purse site, it’s spam.
- Virus warning. Pay attention to alerts from your email provider and virus protection software. If it flags the email as dangerous, it probably is.
- Unrealistic promise. Beware of emails claiming you have won a prize, money, or some form of special access to a deal. It’s a form of social engineering.
- Attachments. Do not open attachments from unknown senders. PDF files, Word and Excel documents, and pictures have all been used to install malware and spyware on a user’s computer.
- Urgent offers. Spammers know that we are all inclined to act hastily to grab an offer that is about to expire. Don’t fall for it.
- Dear Sir or Madam. Generic salutations are a clue that the email is spam.
- Misspellings and poor grammar. Poor grammar and poorly chosen words are clues that an email was written by someone who doesn’t speak English fluently. Expect emails from businesses and professional people to be, well, professional.
How to Protect Yourself
You are your best defense. Scammers depend on human error. Stop and think before clicking links or downloading documents.
- Use a well-known and highly rated email host for your email service. Email services flag suspect messages and known spam senders and send them to a spam folder. If spammy email messages are getting through to your inbox, think about making a change.
- Keep your anti-virus software up to date. Do some research into anti-virus software that is shown to be effective in catching malware. Your anti-virus should scan emails for malware.
- Learn to recognize the threats we discussed in the prior section. Take the time you need to stop and evaluate the message and the sender.