Email scams can be just as spooky as those ghosts trick or treating at your doorstep. Unfortunately, anonymous cybercriminals are hiding behind fraudulent emails instead of an innocent princess or police officer. The cybercriminal’s goal is to convince you to provide your critical data – such as personal identifiable information (PII) – like name, address and credit card number instead of a sugary treat. These individuals no longer just want notoriety as a successful hacker, but to sell your information or leverage it to make a lot of money.

Email Scams Seek More Than Candy

The intent of these cybercriminals is to convince you, the recipient, that the email received is legitimate and requires some form of action. This is often either providing information or completing a task. They sometimes invoke an emotional response by indicating something bad will happen if you do not comply with the suggested action. For example, they may threaten to deactivate one of your accounts or spread malicious information about you to others.

Scavenging for Other Treats

What are the most prevalent types of email scams, often referred to as phishing? According to the INFOSEC Institute, a world-class information security training organization founded in 1998, the most common phishing email scams are:

  • Account Verification
  • Cloud File Sharing
  • Electronic Signature Required
  • Fake Invoice
  • Delivery Notification
  • Tax Scam

Regardless of social status, age, religion, sex or other demographics, each individual’s identity, PII and financial-related data is highly valuable – to you and to cybercriminals.

How to Protect Yourself from these Nightmares

So how do you protect yourself from these anonymous ghouls and trolls? While relatively simple, it is often hard to practice given how quickly we interact electronically. Much like how designing your Black Panther or A Star is Born outfit takes time and dedication, we suggest taking similar care when watching out for email scams.

  1. Verify the sender’s email address – Is the email or electronic request one that you would expect to receive from the sender? Ensure the senders’ email address is correct. Also, validate that the domain is spelled correctly instead of being spoofed. Cybercriminals will often purchase a similar domain name, but change a small element, like replacing an “m” with an “rn.”
  2. Validate the need for the email – Is the request for action expected? If the request appears to be from an IT or vendor associate requesting your user ID and password, is that based on a request you made to change your credentials or is that a cybercriminal’s attempt to gain your login information? It is often the latter. Cybercriminals know users often use the same password or password string across multiple accounts.
  3. Do not click on links – Review the provided links by simply placing your cursor over any highlighted or identified hyperlinks to show the intended webpage. But do not click! By simply hovering your cursor over the link, you will see the target webpage and can hopefully determine if the link is legitimate. If you receive an email from your bank – say Bank of America – requesting your immediate verification by clicking on a given link, refrain from doing so. It’s better to call your bank independently and ask whether your account requires any particular action.
  4. Look for other signs in the email – Brand awareness is important to all companies. Ensure the brand logos represented are legitimate. Mouse-overs can also be helpful here as brands will place their homepage URL as a link with the logo. Grammar is also very important. Within the context of the email, confirm sentence structures and spelling are correct.
  5. Never reply back directly  – If you are uncertain, take the time to call the sender, validate the email sent and the requested response. However, only use legitimate numbers, like those in your contact list or on the sender’s actual website. Phone numbers or emails listed in the email are often false. It’s another way for cybercriminals to expand their scheme and convince even skeptics of their “good intentions.”

Email doesn’t have to be frightening. Look for the warning signs and take your time in validating the authenticity of the email. If you do so, you’ll avoid having to tell the terrifying tale about when you fell victim to an email scam.