Home Security Heroes independently tests and reviews every product. We may earn a commission when you buy through our links. Read more here.
Email is a powerful tool for good that almost everyone uses in the modern era. Whether for business or pleasure, it allows for instantaneous asymmetrical communication between two people, or even multiple at once, acting as almost a complete upgrade over traditional mail systems, which have gained the moniker “snail mail” in recent times for a reason.
But for all the uses it has for the average person, it is also a notably powerful tool in the hands of con artists and other bad actors.
Email scams are as common as regular emails, though most don’t see them as often these days. Spam filters are highly advanced these days, and catch messages flagged with certain repeated phrases or tell you to send them straight to your junk mail file.
Sometimes, however, messages get through the spam filters by being well crafted and believable enough to avoid them. Or perhaps you need to go diving through your spam folder to find some email that was falsely flagged which you need for some important purpose.
In either case, you’re going to be exposed to attempts to take your money, your identity, or both with no thought given to the consequences that will have on your life.
These scams range from the obvious to the insidious, so let’s go over the most important skill you need to have to avoid email scams: recognizing them.
Identifying Email Scams
The first thing you need to always keep in mind is that official communications from companies will never ask you for your personal information. They usually won’t send you emails unprompted at all, save for maybe something like a newsletter or sales notification.
They are certainly not going to send you an email that, for example, looks like this:
This is the quintessential example of a fairly obvious scam email, pulled at random from my recent spam. It doesn’t look like official documentation at all, which would be obvious if you’ve ever received a communication from Amazon. If they send you a receipt, which this is clearly trying to masquerade as it will look something like this:
Note the complete difference in formatting, and the lack of invitation to call them and “sort things out”. If you have an issue with an Amazon order, Amazon knows you will seek THEM out to fix it. This is one way where a giant corporation not particularly caring about you as an individual helps out a lot in filtering out fraud. It is your responsibility to fix any transactions that may be fraudulent.
Speaking of, an easy way to tell if you get an email that looks a bit more official? Just check your bank and card statements. If there really is an unexplained $2000 charge on one of your cards, that’s something you can sort out by calling your bank, the company you supposedly ordered from, or preferably both, to get the transaction canceled and refunded.
Calling one of the numbers listed on an email like this, or clicking any of the links is a mistake.
What Kinds of Scams Are There?
As with any other kind of fraud, email scams take many forms. Thankfully, criminals don’t tend to get too creative, especially if they’re just trying to cast a wide net and make a quick buck off the unprepared, unlucky, or vulnerable people in society.
The same types of scams have existed for as long as the internet has been around, and even longer.
1. Advance Fee Scams
One of the most notorious scams out there is the “Nigerian Prince”, or “419” scam, wherein someone claiming to be currently down on their luck and in need of royalty asks for an advance of some arbitrary sum of money to get them back on their feet, whereupon they’ll give the generous soul a large sum of money in gratitude.
This is one of the most obvious scams out there, and it’s meant to be. It’s also one of the most successful, though it doesn’t always take the same form.
The 419 scam is just a variant of the broader term “advance fee” scam, and it’s been around for a long time, predating the internet by close to two hundred years. Sources claim it’s been around since the late 18th century, though the earliest known example I could find was from 1905.
Known as the “Spanish Prisoner” scam, and sent by normal mail, it bears an eerie similarity to modern scams of the same type. Spanish royalty fallen on hard times, thrown in prison, needs money for bail after which they’ll gratefully reimburse the generous soul and then some.
While typically more maudlin than modern scams of the type, it exemplifies that scams that may seem obvious to the average person can nevertheless be successful, so much so that they’ve been in use with only changes to the details and medium of delivery for a minimum of a hundred years. “Don’t fix what ain’t broke” applies just as well to criminal activities as anything else, it seems.
It should go without saying but do not under any circumstances give someone you do not know money with the expectation that you will be compensated later. It’s not going to turn out in your favor.
|By the Way…As a general rule, it’s a good idea to never give anyone you think you DO know money and expect to be compensated later. This is a good rule to live by, but it especially rings true if they’re asking for money by email.|
2. Distressed Relative Scams
A variant of the advance fee scam involves more insidious means. Rather than claiming to be a stranger that needs help, these scams claim they are a family member or friend that needs help.
Receiving one of these types of emails is an indication that much more is wrong than you just being targeted by a scattershot scam. These are often used by criminals who have not only hacked one of your family or friends’ accounts, but now have some of your information as well, usually by simply searching through that person’s contacts, friends lists, or email history.
These can be harder to filter out, as we’re more inclined to believe that Aunt Becky or our best friend Jim from high school might have fallen on hard times and need some help getting back on their feet. And it comes from their own account, making it even harder to mentally filter out as a scam.
A good practice to get into here for this one is finding some way to contact the person who supposedly sent this email. Phone calls are good, but meeting in person is even better. It allows you to verify the identity much better than a text-based medium, and if they truly do seem to need help, you can wire them some money.
This sadly doesn’t help you if this scam is, truly, coming from a family member or “friend” who has no intention of paying you back, but that is the risk we run in trusting anyone: that they might betray that trust. At the very least you have legal recourse if the money was given with express, stated intention of them paying it back, so you’re in a better position than with an anonymous fraudster.
A subset of these is to watch out for CEO scams. They’ll claim to be, quite convincingly, from the CEO of the company you work for, with very official-looking documentation and all the right information from name, down to photo, to the name of your financial department’s representative. The other details are the same; they ask for money, urgently, in order to pressure you into paying, but of course, it is not for any work-related reason as you might be panicked into believing.
Phishing is a catchall term where the main goal of the scam isn’t to get your money (at least not right away), but your information. They’ll be sent from an official-looking source, with something that seems like a legitimate email, and both blatant and subtle attempts to get all sorts of information from you.
They may be sent from a “government” website asking you to re-register to vote because your voter registration is expired (this will never happen), a company you hold an account with asking you to verify your information to “ensure you haven’t been hacked”, or any number of other things.
The one thing these all have in common: they will ask you to click links and give information that no real company would ever ask for. No real company will just solicit you for information out of the blue. If you’re signing up for an account? The site will certainly ask you these things.
They will never send you an email, however, telling you that they need your social security number input in this exact window to verify your identity.
Ultimately the main thing you can do here is follow basic internet best practices, as I’ve discussed before.
Don’t click strange links or especially open strange attachments; if it looks official, navigate to their official site yourself and check. Double, even triple-check to make sure the sender is legitimate before giving them the time of day. And if there is any doubt in your mind that the email is fraudulent, just ignore it. If it’s important, they will contact you again in some way, maybe even over the phone (though this is no guarantee of safety either).
Basically, if an email looks something like this…stay away from it.
One of the most blatant means these scams try to get your information AND your money is by blackmail. This blackmail could be legitimate, or it could be fake. Usually the latter.
Whether it’s real or not, one of the best things you can do to avoid being blackmailed? Ignore the problem until it goes away.
The catch-22 of trying to blackmail someone is that once the blackmail material is spread around, the sender has no leverage. And if you don’t care whether it’s spread around or not, the sender has no leverage.
The entire point of blackmail is to try and scare you into doing something stupid. Unlike most problems, if you ignore it the issue will probably go away.
What Can You Do to Stay Safe?
While a lot of specific methods have been mentioned already, they all boil down to the same basic creed: trust no one. Or at the very least, trust but verify.
Whether something looks legitimate or not, it never hurts to double-check. One of the beauties of email is that it’s an asynchronous method of communication. One person sends, and the other can reply at their leisure.
There is no true concept of “urgency” in an email. If it was truly urgent, someone would have called you or tried to set up a face-to-face meeting.
This means that no matter how much an email tries to pressure you, saying that you should “act immediately” to solve an “urgent” problem that you need to “act quick” to resolve “before it’s too late”…you’ve got time.
Take that time to look into the sender. Is it a personal email? It’s almost certainly a scam. Unless it’s someone you know personally, no private citizen is going to be contacting you about money matters that haven’t already been pre-arranged.
If it seems like it might be legitimate, research more deeply. Look into their name, and who they claim to work for, and pore over the info available with a fine-toothed comb.
Never, EVER click a link unless you’re 100% sure it leads where you think it will. You can always mouse over and check, and if you’re not sure if it’s trying to bamboozle you with some bogus URL that’s one letter off…navigate there manually to check. It doesn’t take much longer to type “amazon.com/customersupport” than it does to click a link that says the same thing, or may instead read “amaazon.com/customer_support” and take you somewhere you do not want to be.
Don’t send a stranger money. Ever.
Last but not least, trust your spam filter. If an email is tossed in spam, it’s probably junk, and if an email is flagged as “suspicious” it’s probably for a very good reason.
It’s sort of like working with your computer. While there may be some corner cases where you want to ignore the computer’s error message, this isn’t something that should be done unless you’re a power user who knows exactly what they’re doing.
When in doubt, don’t touch it.
Other Related Articles:
Last Updated on