Everyone connected to the internet receives emails in some form and has almost certainly been sent an email considered fraud. 2.7 million emails are sent every second, and about 60% of those are what IT security professionals would consider fraud. The most common type of fraud is called “Phishing”, a social act in which the sender tries to impersonate a legitimate service or company to gain either your personal information or access to personal websites. Fraudsters accomplish this by creating websites identical to the legitimate ones and prompting you to “update” or “verify” your information.
What is the goal of the email scam?
Email scams always want the same thing, sensitive information, and they use multiple ways to obtain it. A best practice to avoid becoming a victim is to not enter any data in response to an email that you were not expecting. If you receive an email asking for the following information, always double-check that this is something you had requested:
- Personal Identification: Social Security Numbers, Driver's License and Passport Numbers
- Bank Account Numbers: Credit and Debit Cards, Checking and Savings Accounts, Investment Accounts, Mortgage Accounts or any Loan Numbers
- Online/Digital Identifiers: Usernames and Passwords to any websites you use
- Business Information: Customer or Supplier Information, Financial Data and Reports or Business Plans
How do you decipher a fraudulent email?
The simplest way to determine if an email is fraud is to read the email and notice the grammar used. Legitimate emails are well written with no misspellings or poor grammar. Also, fraud emails most commonly have a dramatic backstory or try to evoke emotions of fear, panic, despair or even thrill. Another tip is to examine the “From” email address very closely and match it with the site you are familiar with. These fraudulent addresses will look almost identical to the real website's but usually have a small variation, or the links in the email will start with HTTP instead of HTTPS, where the “S” stands for secure.
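The two checks just described (a “From” domain that is almost, but not exactly, a familiar one, and links that start with HTTP) can be automated. The following is an added example, not part of the original article; the trusted-domain list, the distance threshold of 2 and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient really deals with (constructed list).
TRUSTED_DOMAINS = ("example.com", "example.org")
MAX_DISTANCE = 2  # assumption: 1-2 changed characters counts as a look-alike

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return a list of warnings for one raw, single-part email message."""
    msg = message_from_string(raw)
    warnings = []
    # parseaddr drops the display name, which a sender can set to anything.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if edit_distance(domain, trusted) <= MAX_DISTANCE:
                warnings.append(f"sender domain {domain!r} resembles {trusted!r}")
    # Flag links that use plain HTTP; https:// links do not match this pattern.
    for url in re.findall(r"http://[^\s\"'<>]+", str(msg.get_payload()), flags=re.I):
        warnings.append(f"link without HTTPS: {url}")
    return warnings

# Constructed sample: the digit "1" replaces the letter "l" in the domain.
SAMPLE = """From: Example Support <security@examp1e.com>
To: customer@example.net
Subject: Urgent: verify your account

Your account will be suspended. Verify now at http://examp1e.com/verify
"""

if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print(warning)
```

A link that does use HTTPS is not proof that a site is legitimate; this check only flags the plain-HTTP case mentioned above.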
What are types of email fraud?
- Job Fraud: These are offers for individuals to work from home for a small “Startup Fee” or promises to overpay considerably for a set time period at the beginning of employment.
- Voter Registration: The 2020 election is nearing, and fraudsters take advantage of this by sending fake surveys, petitions and opportunities to donate to fundraisers.
- Lotteries: These generally revolve around playing foreign lotteries, which are against federal law and usually come with little to no chance of winning.
- Family Emergency: This fraud attempts to have you send money due to an extreme event that is happening to a family member.
- Romance: This fraud relies on gaining the victim’s affection over a period of time to ultimately commit fraudulent acts.
- Advance Fee: Someone requires an upfront fee before you can receive items worth considerably more, such as stock certificates, cash or other items of value.
With the upcoming election, it is important to be aware of auto-generated emails from local groups that seem legitimate. The logos and message may blend in with all the others, but pay close attention to any asking for important updates to personal information or donations. These emails will often come from an unknown website or even from a common email provider like Google (Gmail).
What to do with fraudulent emails?
A good practice is to report all suspicious emails to the FBI Internet Crime Complaint Center and the Federal Trade Commission, as they both track them along with many local authorities. Henry+Horne Wealth Management has a zero-tolerance policy in place for Phishing emails and conducts training for its employees on all cybersecurity matters. If you believe you have received a suspicious email, please feel free to contact our office or report it to:
- Federal Trade Commission Deceptive Spam at firstname.lastname@example.org
- Anti-Phishing Working Group at https://apwg.org
- The Cybersecurity and Infrastructure Security Agency at email@example.com