• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » scam » Avoid Email Phishing Scams

Avoid Email Phishing Scams

2019-10-02 by Michelle Dvorak

How to Recognize and Avoid Phishing Scams

Email phishing scams are the fraudulent attempt to use email to victims into giving sensitive corporate or personal information. FBI’s Internet Crime Complaint Center reported that in one year, email phishing scams cost people $30 million in losses. Many malware and cyber attacks begin with email phishing scams that give hackers information to escalate their cyber attacks to more targeted spear phishing email scams or to compromise a network.

Business Email Compromise (BEC) scams are email phishing scams targeted at companies and large corporations. BEC scams accounted for $1.3 billion in losses in 2018. Many people feel that they may not be the likely target of an email phishing scam because they think they have nothing to lose. There are a variety of tactics hackers use to steal money. Some hackers go after large numbers of victims stealing smaller amounts of money hoping to go undetected. More sophisticated hackers launch spear phishing scams against wealthier targets including corporations hoping to steal large sums of money from fewer victims before they are detected.

READ: What is a BEC Scam?

Email phishing scams can also be used to launch malware attacks and take over computers or entire IT networks. Emails are designed to convince the victim to click on a link, download of malicious attachment, or reply with sensitive information to the hackers and giving access they need to do further damage. Sometimes hackers simply asked a business recipient to pay a fraudulent invoice by wire transfer.

Free UPS Shipping + $50 Off Truck Delivery at Tractor Supply!
Limited time offer!

How To Detect An Email Phishing Scam

All emails have two names associated with the sender. The first name is the friendly name. The second name is the sending email box name. It’s important to understand the difference between the two.
The friendly name is the name that you may have been assigned to someone in your contact list because you legitimately know them. I tend to name my phone contacts with the person’s first and last names followed by how I know them. I do this as a reminder. For example, I might have someone listed as “Mary Smith Acme Company”. It helps me remember quickly how I know the caller. This is especially important for my phone contacts, so I don’t answer a spam call on accident.

Amex Phishing Links
Amex Phishing Links

You can also assign other information to your email contacts. When you assign a name to someone in your contact list that is a friendly name. For example, I can change Mary Smith’s name in my email contact list to simply read “Mary.”

Look Carefully at the Email Address

Hackers and spammers are capable up spoofing friendly names in the email scams they send in hopes of tricking you into thinking you know the sender. If the recipient of an email scam believe they know the sender, they are far more likely to open the email and follow the instructions inside.

The sending email box address is different than the friendly name. For example, the sending email address always has the @ symbol followed by the sending domain name. Bob @ gmail.com is an example of an email box name. Whereas just Bob is the friendly name.

Hackers spoof the friendly name to trick recipients into thinking that the Sunder is familiar to them. Tricking the recipient into opening the email is the first step to identity theft , launching a phishing campaign, or delivering malware via email campaign.

Charge any battery type with the Tenergy TN471U Universal Charger
SHOP NOW!

Beware of Website Spoofing

Next, look carefully at the sending domain name. Hackers often deply a tactic called website spoofing by using a closely named domain with a variation in spelling as another attempt to trick recipients into opening an email. A common tactic is to use singular or plural versions of legitimate domain. Other times hackers use some variation with extra words added on. For example, a scammer might send a scam email from something like chase credit card support or chase support hoping to trick you into thinking it was coming from Chase Bank.

Now if they combine the spoofed domain name along with some other piece of information, they already know about you – like your first name or the fact that you have a Chase account- and use an email friendly name like customer service, you are even more likely to open the scam email.

Spear Phishing Email Scams – What’s the Difference?

Hackers often use other data they purchased on the dark web and collaborate that into their phishing emails. The more data they have on you, the more they can refine the design and wording of an email phishing scam.

READ: How Does a Phishing Email Work?

In a spear phishing campaign, the hacker has already collected information about the target. The hacker may know their victims first name, where they work or what bank they use. A spear phishing email scam might address the recipient using their first name to make the email appear as if it’s coming from someone they know or business they have a relationship with like their bank.

A common phishing email tactic asks the user to check their online account, reset a password, or verify some piece of personal information. Sometimes a phishing email scam leads the recipient to a spoof website and asks them to enter sensitive data on a fraudulent web page. Often the webpage and the scam email are both designed to look just like the legitimate website.
If the victim does enter any data like account numbers, passwords, or personal information the hacker quickly collects the information and uses it to hack into the person’s account.

Sometimes hackers ask victims to simply reply to their scam email with the requested credentials. This is especially unsecured never give sensitive data like account numbers passwords or usernames an email because anyone could intercept the information.

Any unsolicited email could be a scam. Even if it appears to be from someone that you know.

What to Do If You Suspect A Phishing Email


Be suspicious of any email that asks you to update, check, or verify your account information. Do not click on any links in the email body.
Contact the company or person sending the email through another form of communication. Go to the company’s website and get the contact information from there. Be careful however that you are using a legitimate corporate website which is not necessarily the website listed in the email as that may be a closely named spoof website.
If the person in the email seems like they’re familiar, then ask them to verify their identity. Once I was sending emails to people I knew to ask for donations to a fundraiser. One of the recipients of my request replied and asked me a question to verify my identity. She asked me how we met. I replied with how, when, and where we met. it was a good way to check on who I was and if I had legitimately sent that email, which I had.

Another way to contact the company if you suspect a phishing email is to call them. If the email is from one of your credit cards, call the number on the back of the card. Don’t use any contact information or links in the scam email.

Hackers go to great lengths to make the phishing scam email appear as though it originates from a legitimate sender. They use the same color schemes, layout, and steal logos. They use their first name if they know it.

I was receiving phishing emails that were designed to look like a credit card that I actually have. My credit card has an email address that I can forward the scam emails to so they can help fight spam and phishing email campaigns. Once I called customer service because I was receiving so many of these phishing emails. Over the phone they showed me how to be sure that the email came from them and not a hacker. There are a few elements about a legitimate email that the hackers could not know. Since then it’s been much easier to detect and mitigate phishing emails from hackers.

Fake Email Content
Fake Email Content

Phishing Email Scam Checklist

  1. Examine the sender’s email address
  2. Do not click on any links in the email
  3. Call the phone numbers provided in the message
  4. Go to the company’s official website to log into your account
  5. Do not open or download any attachments
  6. Carefully examine all electronic requests for a payment or wire transfer of funds
  7. Be suspicious of any email that requires immediate action
  8. Confirm requests for wire transfers or payment in person or over the phone
  9. Do not verify any requests using the contact information listed in the email

Filed Under: scam Tagged With: email scam, phishing email

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version