Email scams are attempts to gain sensitive information or money by sending you deceptive and/or dishonest emails. Scammers will often impersonate legitimate organisations and/or individuals in order to gain your trust, so that you provide them with sensitive information or participate in fraudulent transactions. Unfortunately, email scams have become increasingly numerous, harder to spot and much more convincing than those of the past.
Email scam types
Phishing: This is a general term for any scam that attempts to obtain sensitive information from you. Information may include but is not limited to usernames, passwords, or credit card details. Phishing emails will often impersonate trusted entities (banks, government agencies, etc.) hoping to gain your trust and may also try to persuade you to click on a link or download an attachment.
Spear Phishing: A targeted form of phishing, these scams focus on specific individuals or organizations. Scammers research their victims and will attempt to create personalised emails that appear real. They often include information we would expect to see (name, address, etc.).
Whaling: A type of spear phishing that targets high-profile individuals, such as CEOs or other senior executives. The scammer's aim is to steal sensitive information or initiate high-value fraudulent transactions.
Business Email Compromise: This scam involves scammers gaining access to or impersonating business email accounts to fool employees into making fraudulent payments or sharing confidential data.
Clone Phishing: Involves cloning an email that was previously sent by a trusted source. The email will be altered in some small way (e.g. a malicious attachment or link).
Pharming: This scam redirects users to fraudulent websites that attempt to steal sensitive data such as login details or personal information.
Angler Phishing: Scammers use social media to fool users into providing login credentials or other sensitive information by impersonating legitimate organizations.
Malware Phishing: These scams try to get you to download and install malware (computer viruses, ransomware, etc.) onto your device. Types of malware include ransomware (a program that allows the scammer to lock up your device and then demand a ransom for its release).
How to spot an email scam
- Always look over an email carefully before replying, clicking on a link or opening an attachment. Look for inconsistencies such as incorrect spelling, formatting or a mismatching return email address.
- Ask yourself why you have been sent this email. Did you have recent dealings with an organisation with the same name/logo? An email sent to you for no reason should be considered suspicious.
- If the email appears suspicious, scrutinise it to determine its intention. Does it want you to click on a link, open/download an attachment or is it asking you to update information such as passwords or personal details? Consider going to the business's official website or phoning the business directly. By taking this route you are not participating in the actions the scammer needs to entrap you.
- Ask for advice. Another opinion can often quickly and easily shed light on whether an email is genuine or not.
- If you are an advanced user, always check the email headers of suspicious emails via your email client. Look for disingenuous or inconsistent header information, failed authentication results and a high spam score, and scrutinise the return email address. These may provide further evidence of a scam.
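The header checks from the last point above, as an added Python example that is not part of the original article. The sample message is constructed, the X-Spam-Score header name and the 5.0 threshold are assumptions (spam filters use different headers and scales), and each finding is a warning sign rather than proof of a scam.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all names and domains are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=examplebank.com
X-Spam-Score: 7.9
From: "Example Bank Support" <support@examplebank.com>
Reply-To: <helpdesk@examplebank-secure.example>
Subject: Action required: verify your account

Please confirm your details.
"""

SPAM_THRESHOLD = 5.0  # assumption: filters differ in scale and header name


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def header_warnings(raw_message):
    """List the warning signs found in a message's headers."""
    msg = message_from_string(raw_message)
    warnings = []
    from_dom = domain_of(msg["From"])
    # Return address check: Reply-To / Return-Path on a different domain than From.
    # Legitimate bulk mail can differ too, so treat this as a prompt to look closer.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication check: SPF/DKIM/DMARC verdicts recorded by the receiving server.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
        if verdict.lower() != "pass":
            warnings.append(f"{check.lower()}={verdict.lower()}")
    # Spam score check: only if the filter added a numeric score header.
    try:
        if float(msg["X-Spam-Score"]) >= SPAM_THRESHOLD:
            warnings.append(f"spam score {msg['X-Spam-Score']}")
    except (TypeError, ValueError):
        pass
    return warnings
```

To try it on a real message, save the raw source from your email client and pass its text to header_warnings().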
What to do if I have been scammed
- Don't delay in taking action. Although taking time to feel sorry for yourself may seem natural, it also gives the scammers the time they need to fully enact their fraudulent plans.
- If you provided sensitive information (e.g. personal data) to the scammers, contact the businesses and/or government department that presides over the information and report that you have been scammed and the data is now compromised.
- If the scam involved you conducting financial transactions, contact the bank and report the incident. It may be possible to get some of the money you lost returned, but you need to act quickly.
- If you opened or installed any suspicious files on your computer during the scam, ensure these have been cleanly uninstalled. Seek professional assistance if you are not sure how to do this.
- Reassess the security of all affected accounts by updating your passwords and including 2 Factor Authentication (2FA) in your login process. Although annoying when you're logging into accounts, 2FA is one of the most effective security measures on offer.
- You can also report the scam that you were unfortunate enough to experience to the authorities (e.g. scamwatch.gov.au) in an effort to warn others and perhaps assist in helping to stop the scam.
- Be aware of follow-up scams. The scammers now see you as a target and you are likely to see further attempts to scam you in the future, some of which may be disguised as an offer to help scam victims.
Keeping yourself safe from email scams is an important part of communicating online and you should always be watchful with each and every email you receive.