How to Identify Email Scams and Phishing

As more and more communication and business practices take place online, it’s no surprise that we’re also seeing an increase in digital crime. While we may take extra precautions when withdrawing money from an ATM in a big city, how often do we actively disregard safety precautions when checking our email? Digital crime may not generally affect our physical safety, but it can be incredibly harmful and destructive to our financial lives.

Internet crime was an issue before COVID-19, and it’s only gotten worse. Let’s face it, we’ve been shopping and working online now more than ever, so it’s no surprise that many criminals are shifting their focus to the Internet. Research provided by the FBI’s Internet Crime Complaint Center (IC3) 2020 Internet Crime Report shows staggering leaps in reported cases of internet crime in 2020 — and it’s a safe bet that there are many crimes that go unreported. In 2019, there were nearly 115,000 reported cases of phishing (and it’s other digital counterparts: vishing, smishing, and pharming); that number leapt to well over 241,000 in 2020. Similarly, identity theft had over 16,000 cases in 2019, but more than 43,000 cases in 2020. In both instances, reported crimes have more than doubled in a single year.

The term “phishing” refers to a scam used to trick someone into sharing personal information, such as their bank information, social security number, or passwords, to use for illegal purposes. 

Hackers are a very real threat to our data’s security. Luckily, there are a number of warning signs that we can watch out for to keep our inboxes safer.

Weird Email Addresses

Always double check the email address of any email before you click on any included links or attachments. Business emails, after the “@” sign, will almost always correspond to the URL for the business they belong to. Look out for email addresses that contain numbers, a bunch of weird letters, or anything else that looks suspicious.

For example, our Goodshuffle Pro team member emails will appears as:

[email protected] OR [email protected]

As you know, our URL is pro.goodshuffle.com

If your see something along the lines of:

[email protected] or [email protected]

…it’s a sign something is wrong.

This should be a good initial indicator that the email is legitimate. However, it’s important to consider other factors below before clicking links or opening attachments.

Another sneaky tactic is substituting letters that look similar to each other in an effort to mislead you. An easy example of this is replacing ”.com” with “.corn.” It’s not easy to tell the difference, is it? The first example is “.c-o-m,” while the second is “.c-o-r-n.” These subtle changes can be easily missed, especially if you’re tired or busy — and that’s what criminals are betting on. Like I said, sneaky.

Requests for Funds

If a mysterious stranger, claiming to be a prince of a small forgeign nation or Beyoncé (no, really, I’ve actually seen reports of this), contacts you requesting money for some admirable or financially lucrative purpose, I guarantee it’s a scam.

While many of these phishing attempts are pretty easy to spot, some of them are pretty slick. I’ve personally received emails from criminals pretending to be my medical provider requesting that I pay my bill online through their portal — and they almost got me. The fact of the matter is, you should be highly suspicious of any email requesting money in any form. In my case, I opened my internet browser and went to my medical provider’s site on my own — without clicking on their link. Do you know what I discovered? No bill.

When in doubt, you can always go to the website of the company you think may be requesting payment and check directly, or reach out to someone with the company to confirm that the email is legitimate. Just don’t click on those mystery links!

Requests for Personal Information 

Do you remember when your parents told you not to talk to strangers?

A similar line of thought applies here: don’t give personal information through email, as you never know who the person on the other side may really be. And never share financial information over email. Email simply wasn’t built with that level of security in mind, and if the person contacting you doesn’t have a minute to take your info over the phone, I’d seriously question who they really are.

Attachments and Links

Don’t talk to strangers, and certainly don’t take candy from strangers.

Unless you are 100% certain you know who an email is from and you were expecting the email, don’t open any attachments. Opening attachments essentially grants the sender access to your computer, as you never really know what’s in an attachment until it’s too late.

Links can also be a trap to gather information for nefarious purposes — and potentially trick you into downloading something. Unless you know who a link is from, it is smarter to go directly to a website instead of clicking the link.

They Don’t Address You by Name

Any official emails from a company will address you by your name. Even subscription emails and newsletters gather user’s names to include in their regular email updates to keep things personal. Knowing that bit of marketing information, emails that address you in a generic way, such as “Dear Valued Customer,” are likely scams, so exercise caution when you receive one of these.

Poor Spelling and Grammar

Major businesses typically have more than one person proof-read an email if it is going to a large audience or is a form-type letter (such as bill pay reminders). It simply isn’t professional to send out an email that is full of spelling and/or grammatical errors. So, you receive an email that is full of errors, it may be a scam.

I Received a Phishing Email, Now What?

If you receive an email, do not open any attachments or click any links. If possible, report the phishing attempt to the actual company the scammers are attempting to impersonate, and then report the phishing attempt to the appropriate authorities. USA.gov has assembled a list of agencies accepting phishing reports; reporting these scams, whether or not they were successful, increases the likelihood that criminals will be caught and held accountable.

If you have accidentally given personal information to one of these phishing schemes, contact your bank, update your passwords, and contact your local authorities to file a police report. It will also be beneficial to set up fraud alerts and identity theft protection with your banks and/or a third-party service.

If you have opened an attachment, disconnect your device from the internet, back up any essential files to a device not connected to the internet (like a USB thumb drive) and run your virus protection software immediately. It is also advisable to update your passwords from a different device.

While it may seem like there’s a lot to look out for, it’s worth the extra effort to avoid having your information or identity stolen. Not only can that process be costly, it can also wreck your credit history. If that happens, you may be looking at a months-long recovery process, difficulty getting loans, and increased insurance rates. However, once you know what signs to look out for, the process of spotting suspicious emails will become second nature. If you learn nothing else from this post, remember: Don’t open attachments or links from strangers!