How the non-stop barrage of scam emails catches some people off-guard.
“You Paypal account is on hold. You must log in immediately to update missing information or we will suspend account. Enter you log-in here.”
Receiving an email like this might be a cause for concern except for three things that caught my attention:
- Paypal — like all reputable and secure sites — won’t ask me for my log-in information.
- Emails from large companies like Paypal usually use good grammar —for example they know the difference between “you” and “your”.
- I’m pretty sure the outgoing email address for Paypal is not “email@example.com”.
Emails like this are generally referred to as “phishing”.
Phishing is defined in the Oxford dictionary as “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”
These phishing efforts are intended to do one of three things: get your private information so they can steal your identity; extort you for money directly; or install malware on your computer often for ransomware attacks.
The most common phishing email is looking for your credentials: your log in and password.
It’s also increasingly common to receive extortion emails. A common one was sent to my friend recently. The email told her that they had filmed her “enjoying” a porn site and if she didn’t want them to publicly post the film of her using porn she needed to send them money.
Fortunately my friend is smart enough that she didn’t fall for it. Knowing that she had not visited any porn sites and that her laptop camera was blacked out also helped. However, for many people, an email like that might have seemed more ominous.
Is phishing really that big of a deal?
Phishing is a huge problem for all of us, and getting worse every year.
An estimated 4% of all emails are phishing attempts. In March 2020 alone, over 60,000 phishing sites were reported to cybersecurity experts.
Microsoft found in 2019 that phishing emails had increased 250% in one year.
I believe it. I have received twelve phishing emails in the last two days. Almost all of them purported to be from either Paypal or Apple.
Cyber security company Avanan reports the two most popular brands phishers pose as are Microsoft and Amazon.
That makes sense when you think about it. Most of us have a relationship with one or more of these services, so it makes a person more likely to believe that they are being contacted by the company.
Chances are good you have received one or more phishing emails in the last month that, at first glance, appeared to be from one of these four companies.
Banks and credit card companies are also frequent targets. If you send enough emails pretending to be from Wells Fargo, sooner or later you are bound to hit the email of someone who is actually a Wells Fargo customer.
How can we protect ourselves from being scammed?
You have to be vigilant to protect yourself from scammers trying to get your information.
Your email spam filter is not enough to protect you. Even though the filters get more sophisticated every day, so do the phishers.
Here are some tips from security experts:
- Verify the sender before you open any message.
- Never respond to these phishing attempts. It might be tempting to mess with the scammers but your response only confirms your information and lets them know they have a good email. That increases your risk.
- Forward the email to your email provider and the company so they can report it and investigate it.
- Never click on any links, downloads or attachments in the emails no matter how real they look.
- If you think the email is legit, close it and go directly to the website through your browser and log in that way.
- If the email is attempting to extort money from you, don’t panic. They are almost always using generic information and betting that it will just coincidentally apply to you.
The holiday season is coming and that will prime season for new phishing scams aimed at stores where you are likely to do online shopping. Stay vigilant — pay attention, be suspicious, and when in doubt, delete!