Email Phishing for a Shark
Last week Shark Tank’s Barbara Corcoran was in the news after her office fell victim to an email phishing scam. According to Forbes, Corcoran’s bookkeeper received an email with an invoice for real estate renovations. The scammers used the name of a real German company for the invoice. The only clue that the email was a scam was a single letter misspelled in the email address. Despite the scam, Barbara tried to keep a positive attitude and told People “I was upset at first, but then remembered it was only money”.
Luckily for Corcoran, she was able to recover the stolen money. Unfortunately, not everyone who falls for an email phishing scam ends up getting off the hook.
If it can happen to Barbara, it can happen to you. Sometimes not even sharks can avoid the bait.
Email Phishing – what is it?
Fraudsters want you to fall for their email phishing scams: hook, line and sinker. And just like any good fisherman, scammers will try to lure you with convincing clickbait designed to deceive you.
Email phishing is “a form of social engineering — phishers pose as a trusted organization to trick you into providing information” (Norton). These scams aren’t limited to emails alone – text messages and phone calls have also been used for similar phishing attempts, but that’s for another article. 😉
Email phishers typically want you to either click on a link or send something to them (e.g. your money, password or personal info). They will try to come up with a convincing reason for you to follow through with their request. For example, Barbara’s bookkeeper was specifically targeted with a real estate invoice because this is the type of request she frequently receives as someone active in the real estate market. They used a real company name, and an email address that would look familiar to the target. This convincing bait was designed to spear a shark.
How to spot Email Phishing
As the world evolves, so do scams. But there are a few telltale signs you can look out for.
These scams often look like they are from someone you know:
- your bank
- your credit card company
- a store you’ve bought something from
- a social media site
- an app
- your boss
Remember this is social engineering – phishers will try to sell you a logical story to get you to click on a link or send information. With so much of our personal information available for the world to see on social media, it isn’t that difficult for someone to find details to add that can make their story all the more convincing. According to the Federal Trade Commission, phishers might:
- send you an invoice
- include a link to click on to send money
- ask you to confirm some personal information
- claim you need to update your account, account password or account details
- report a suspicious login account on one of your devices
- inform you that it is time to change your password
- let you know you’re eligible for a refund or that you won a prize
- include a coupon
An eye for detail could save you from falling for the bait. Check for these signs if you’re not sure if an email is legitimate:
- grammatical errors
- spelling mistakes
- generic greetings/not very personal
- weird links
- unusual email address
- the style of the email doesn’t fit
- the email is from someone you’ve never contacted before
Don’t take the bait – recognize the signs of a scam.
Questions to ask yourself when you suspect an email phishing scam:
Unfortunately there isn’t a one-size-fits-all solution to avoid being scammed. The best advice is to take on a privacy-aware mindset whenever you’re online. Here are the types of questions you should ask yourself when watching out for phishers:
- Would this person/business/agency normally ask me to send them money online?
- Was I expecting correspondence from this sender?
- If this email is from my CEO, why was it in my spam folder?
- Didn’t I recently update my password?
- Why are they using email to ask for my personal information?
- Would the company mind if I gave them a call to double check this?
- Why is there a spelling mistake? This sender doesn’t usually make mistakes.
- Would someone legitimate really spell my name wrong?
- Doesn’t this email seem a little off?
These are just a few questions (some more obvious than others) to consider when avoiding email scams. The main point isn’t that you should think through all of these questions when you open every single email. The main point is that you should think twice when something seems off. Trust your intuition and don’t be afraid to double check the source of an email when someone asks you to send money or personal information. Thinking twice before you click could save you both time and money. And if you do get scammed, be sure to report it straight away. Remember, email phishing scams are often sophisticated and can be targeted at you to be as deceptive as possible. Stay privacy aware and avoid falling for the bait from email phishers.
At Spy-Fy, we value your digital privacy. That’s why we make premium privacy gadgets to help you stay protected! Be the agent of your own privacy.