You receive an email from Unclaimed-Stimulus-Check-Infoteam@acc0unt.com announcing that you have “(1) Unclaimed Stimulus Check,” accompanied by a flashing pink button that says “CLAIM YOUR REWARD NOW!” You may be tempted to press that big glowing button, claim your stimulus check for $1400, and finally get the money from the government to buy that new Nintendo Switch your son has his eye on. Unfortunately, this email is probably not from the IRS. In fact, you may remember that the IRS never sends emails, and certainly not from an @acc0unt address.
This is likely the work of a cybercriminal, or scammer. These days, you may have noticed that your inbox has become flooded with ad campaigns, promotions for clothing retailers, or newsletter blasts from your local grocery store. Most of these emails are harmless.
On the other hand, clicking on an email like the so-called ‘unclaimed stimulus check’ offer is incredibly dangerous. Emails like these are phishing scams: deliberate attempts by cyberattackers to steal your valuable, sensitive information, such as your bank account information, social security number, or website login credentials. Falling victim to a phishing scam can be costly. In fact, the FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.
How to Protect Yourself from Scams
Cybercriminals will often disguise themselves as reputable companies or even governmental bodies like the IRS in order to get you to relinquish your personal information. Luckily, however, these phishing scams can be pretty easy to spot if you know what to look for.
Here are some tips to look out for in order to keep yourself safe from scammers!
Scams Are Usually Written Poorly.
Typically, the copy in phishing scams is riddled with grammatical errors and spelling mistakes that reputable corporations would never make. Phishers often make minor errors in their writing, and you can recognize them right away in the content of the message.
Often phishers will not have enough of your personal information to address you accurately in their scam, and may use generic greetings like ‘Hi Dear,’ or, in the case of the stimulus check scam, your last name as your first name.
No Business Contact Information is Provided
Most reputable businesses want you to contact them to follow up with inquiries about their goods or services. If an email does not include business contact information, with no address or phone information, it can be a good sign it is not a reputable operation.
The Logo May Look Slightly Off.
Take a close look at the logo that accompanies the email you receive from ‘Netflix’ alerting you of suspicious activity on your account. The logo in a phishing scam can often be slightly blurry, or have the wrong aspect ratio. Reputable corporations employ individuals to directly oversee communications, and have the money to ensure that the resolution of their emails is of the utmost quality. If you have to squint or zoom in to recognize the email, it’s probably a scam!
Avoid “Free Gift” Offers
If you receive an SMS message, email, or message on a social media platform urging you to come claim your “free gift,” it is best to throw that message in the trash. Often scammers will force you to participate in several rounds of surveys in order to receive your “free gift,” require you to purchase items, ask for your credit card number to sign you up for unwanted monthly charges, or, in some situations, even install malware onto your device.
Scan All Attachments for Malware
Email is the primary method of communication between members of organizations, especially when it comes to sending sensitive email attachments. Unfortunately, cybercriminals have recognized the potential of phishing through ‘Trojan Horse’ email attachments that target user devices or networks. Organizations can suffer severe data breaches if one of their members opens a suspicious email attachment or clicks on a malicious link that can compromise employee personal information.
You may be asking, ‘But how can I spot these suspicious email attachments?’
File name extensions can help you determine an attachment’s file type. You should avoid all .exe attachments, because if downloaded, this type of file can install malware on your computer. Some cybercriminals also use Microsoft Office files to infiltrate organizations and trick you into downloading malware. These malicious ‘macro files’ are programmed to execute a function (in phishing cases, downloading malware) and typically end in an ‘m’, such as .docm, .pptm, and .xlsm. Other attachment types to be wary of include .jar, .cpl, .com, .bat, .msi, .js, and .wsf.
Also make sure to cross-check the sender. If it’s someone outside of your organization, or even if the sender name looks a bit off or suspicious (attackers often masquerade as members of your organization but may spell names wrong or use odd capitalization), it’s always a good idea to call and confirm with the sender if the email attachment is a macro file or an encrypted archive (zip) file. Attackers hide malicious software in archive files ending in .7z, .rar, or .zip, and you should always be wary of email attachments with these archive extensions.
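The extension and sender checks described above can be automated for a mailbox. The following Python sketch is an added example, not part of the original article; the domain example.test, the sample message, and the function names are constructed for illustration.

```python
import os
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Extension groups taken from the lists in the article above.
RISKY = {
    "executable or script": {".exe", ".jar", ".cpl", ".com", ".bat",
                             ".msi", ".js", ".wsf"},
    "macro-enabled Office file": {".docm", ".pptm", ".xlsm"},
    "archive": {".7z", ".rar", ".zip"},
}

def classify(filename):
    """Return the risk category for an attachment name, or None."""
    ext = os.path.splitext(filename.strip().lower())[1]
    for category, extensions in RISKY.items():
        if ext in extensions:
            return category
    return None

def triage(raw_message, org_domain):
    """List reasons to verify a raw email before opening its attachments."""
    msg = message_from_string(raw_message)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != org_domain.lower():
        findings.append(f"external sender: {sender}")
    for part in msg.walk():  # visits every MIME part, nested ones included
        name = part.get_filename()
        category = classify(name) if name else None
        if category:
            findings.append(f"{category}: {name}")
    return findings

def build_sample():
    """Constructed sample: look-alike sender domain, three attachments."""
    m = EmailMessage()
    m["From"] = "IT Helpdesk <helpdesk@examp1e.test>"
    m["To"] = "user@example.test"
    m["Subject"] = "Updated invoice"
    m.set_content("See attached.")
    for name in ("Invoice_March.xlsm", "scans.zip", "notes.pdf"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(build_sample(), "example.test"):
        print(finding)
```

A finding is a reason to call the sender and confirm, not proof of malice: the check looks only at the file name, so a renamed file or a legitimate archive still needs a malware scan.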
Most email applications and webmail services nowadays include a spam filtering service that will help you block most (but not all) unwanted commercial emails. Advanced scammers monitor spam filter code and adapt in order to get around spam filters, so it’s important to remain vigilant even when you have a filter enabled for your inbox.
Nobody wants to fall victim to an email scam. However, there is a reason why 30% of phishing email scams are opened – attackers are innovative and scams are lucrative enough for cybercriminals to make massive profits. That is why it is important to remain hypervigilant. Hopefully with these tips, you will become a phishing-spotting expert, and if you keep these tips in mind, you can continue to safely use the Internet and avoid becoming a victim yourself.