Online scams are increasing at a frightening rate. In 2021, Americans lost more than $6.9 billion due to cybercrime, 250 million of which were phishing attacks. The number more than doubled in 2022, with more than 500 million phishing incidents reported. With stats like that, it’s hard to stay blind to the growing danger of cyber threats.
What about you? How exposed are you to scammers and online threats? I mean, you have a spam filter and antivirus software, you must be safe, right? Wrong! The classic “this will never happen to me” approach is familiar to all of us, no one wants to think that they’ll fall for scams, we’re just too smart to let that happen - aren’t we?
The truth is that just by looking at the sheer numbers, you’re either bound to fall for one of these scams or at least experience an attempt to be lured into one. In this article, we’ll explore how online scams and cyberattacks end up in your inbox as phishing emails. Let’s jump right in.
What are cyberattacks, online scams, and phishing emails?
A cyberattack is basically when someone tries to get into an organization's system to gather financial information, mess up operations, find weaknesses to exploit or steal valuable databases. While the attack itself is on corporations, It's not like they’re attacking Facebook, Twitter, or LinkedIn for fun. It's to get their hands on user’s information - that’s you!
An online scam is when hackers or cybercriminals try to deceive you (while online) into giving away money or personal information. They use different tricks like fake websites, emails, phishing, or pretending to offer investment opportunities. The goal is to deceive and defraud unsuspecting individuals. While cyberattacks and online scams are similar, attacks are usually larger scale and target organizations rather than individuals.
Identity theft is when scammers steal your personal information, like bank account details, social security number, credit card info, or login information. The scammers can then use this info for fraudulent activities like opening a bank account, ordering a credit card, taking out loans, mortgages, insurance, passport, and medical records, all using your personal information. They can even sell your identity to criminals on the black market - it’s basically a jackpot for scammers. Cyberattacks and online scams are avenues through which cybercriminals operate, and phishing emails are the most common method they use.
What are phishing emails?
Online scams have evolved greatly since the Nigerian prince schemes. While the goal remains the same - to steal credit card numbers, sensitive information, phone number, and account numbers, the phishing messages and tactics have become much more clever.
Scammers today are able to impersonate major companies so well that it's almost impossible to tell the difference. They create fake emails that look identical to official messages from a legit organization - same logo, branding, and colors - you wouldn’t even be able to tell the difference.
Image Source: PayPal Community
The tone of the email is urgent, aiming to catch you off guard, lure you into a convincing storyline and panic you into acting without thinking. This is where scammers employ social engineering techniques aiming to make you believe that by acting fast, you’ll either make bank or be saved. Nasty, right?
It doesn't stop there - the emails may also contain attachments, malware, or harmful links. Once downloaded or clicked, you’ll either be led to dangerous websites or malicious software will automatically be installed on your computer.
But wait, I have a spam filter, so phishing emails can’t infiltrate my inbox, or so you think. Unfortunately, one of the most frustrating parts about phishing emails is that they DO bypass spam filters and end up in our inbox, which makes them seem totally legit. So how do phishing emails bypass spam filters? I mean, we have self-driving cars, cloned sheep, and walked on the moon, surely we’d be able to stop phishing emails before they get into our inbox?!
Why do phishing emails skip your spam?
You've tried tweaking your spam filter and scanning every attachment, but no matter what you do, phishing emails always manage to slip through and end up in your inbox. Sound familiar?
Is it your fault? Nah, probably not.
The truth is that while Google and other email platforms provide amazing features, they just can't keep up with cyber criminals. And therefore, a small percentage of phishing emails will always find their way into your inbox.
Stop phishing emails before they reach your inbox
To avoid being flagged as spam, scammers employ some of these simple tactics:
-
Avoiding suspicious language, scam terminology, and phrases. For example, avoiding words like FREE and special reduces the likelihood of triggering spam filters and increases the chances of emails reaching your inbox. Yikes.
-
Limiting the use of capital letters and exclamation points. Excessive use of CAPS and !!!! can be perceived as aggressive or spammy behavior. GET THE PICTURE!!!!!!!?
-
Maintain a text-to-image ratio of 80:20. Meaning that an email with mostly text and limited images ensures that the message is more easily digested by email filters.
-
The use of trusted domains plays a crucial role in ensuring successful email delivery. Using well-established and reputable domains helps establish credibility, making them more likely to not be caught in spam filters.
Scammers use these guidelines and often take it up a notch by utilizing spoofing and obfuscation. If that sounded like gibberish, don't worry, we’ll explain.
Email spoofing - is when an attacker uses a fake email address with either the domain of a legitimate website or one very similar to it. Or in other words, scammers create domain names that closely resemble legit company's websites and then use them to create an email address.
The email below is a good example of how scammers try to impersonate Binance. The branding, logo, and email domain look similar to the real domain used by Binance. Although the sender's display name is Binance, the actual sender's email address was sent from: do-not-reply19@www--binance.com, which uses a lookalike domain – a common way for attackers to impersonate Binance employees.
Source: BinanceSadly, to the untrained eye, the email might look totally legit and may go under the radar. Add a sense of urgency, copycat branding, and a good story to the mix, and the phishing email might lure you into giving up your credentials and other personal information.
Email obfuscation - is another tool scammers use to disguise or obscure email content. Spam filters often rely on automated tools to scan emails for malware and dangerous attachments. Scammers know this, so they modify or encode an email in a way that is still recognizable by humans but less easily recognizable by automated tools like spam filters. This way, scammers can evade spam filters and infiltrate your inbox.
How can I protect myself from phishing emails?
Wow, we know that was a lot to take in, and we hear ya, the world of phishing scams is dark and bleak. But it doesn’t have to be. Not if you have Guardio by your side.
Guardio protects you from malicious emails that get past your spam filter by:
-
Identifies senders with a bad reputation.
-
Constantly protects your inbox from phishing emails and new threats.
-
Tells you if the email contains links that lead to dangerous sites.
-
Notifies you in real-time if malicious emails bypass your spam filter.
-
Recognizes malicious emails that pose a risk to your personal information.
Guardio helps eliminate the risk of falling victim to phishing attempts or accidentally engaging with malware.
How to spot phishing emails
Emails and text messages that contain phishing attempts are disguised to look like they’re from a company or person who you know and trust, such as a bank, credit card company, social networking website, or online account. A phishing scam usually begins with a story intended to trick you into clicking a link or opening a malicious attachment. They may:
-
Offer a coupon for free products.
-
Say that you’re eligible to register for a tax credit or government assistance program.
-
Ask you to confirm your account information.
-
Claim that there was a problem with your payment information.
-
Say that they noticed suspicious activity or log-in attempts.
Criminals continuously change their methods, but there are a number of red flags that you can watch out for that might indicate that an email or text message is actually an attempt at a phishing scam:
-
The email appears to be from a company you know and trust, but the sender’s email address doesn’t match the company name itself.
-
The email doesn’t address you by name. A company you do business with will have your name on file and address you by that name.
-
The email asks for your credit card details or personal information.
-
The email contains misspelled words or bad grammar.
-
The email asks you to click on a link to update account information but brings you to a website that doesn’t match that of the company you do business with.
With millions of phishing attacks reported every year, it's important to know what scammers are doing and take proactive measures. You can spot phishing attempts more easily if you're aware of red flags like suspicious email addresses, generic greetings, spelling errors, and personal info requests.
The best way to avoid phishing scams is to stay informed, practice caution, and use reliable email protection solutions like Guardio.
