Protecting yourself against email scams

Yes might not be completely related to the cryptosphere but I think it is very useful to my readers. Even crypto guys like us have to use email for various forms of communications right? Anyway email scams have always been around but with the pandemic going on, it looks like it is getting worse. I am starting to see the number of scam emails getting though our junk filter increasing significantly. Just a few years ago, I barely get any scam emails as most will be caught by the spam filters. And they used to send in bulk but seems to have switched to targeting a small(er) number of individuals, especially for those in corporate businesses.

So here are some ways you can protect yourself against email scams. They are not exhaustive but should give you some idea of how they are scamming people. With this knowledge you should be able to spot them much easier.

1. Sender’s email address. As spoofing email addresses become much harder, scammers are now stealing email accounts and using legit emails account to send out scams. This is done to avoid being blocked by junk filters which can blacklist bulk mailing email accounts. However this means that you can easily spot scams from the sender’s email address. For example, why would someone claiming to be from Microsoft have an email address with a different domain name. Or why would your company’s tech support have a strange German domain name? Or why would your local bank use a personal email account to ask you to transfer money to them? Or why would that “UN Representative” discuss payment with you using his Gmail account? Yes this is not to say spoofed email addresses have been eliminated. There are still emails addresses that are being spoofed and sent by scammers.
2. Title and content. Before you do anything, read the title and the content of that email being sent to you carefully. Never rush and take any action before reading though the email. In most cases, scammers will usually copy and paste different parts of different emails to make it look more genuine. However this would mean that the email might not make sense if you read it carefully/completely. For example, an email with the subject title stating “Invoice payment” but the content might be saying something else. Or the email asking to do a password change because it is due but then allowing you to “keep your password”. I have seen one email with the subject title about a change in HR policy while the “link” is to some invoice for payment. If you spot such misleading emails, you can be sure that the sender is up to no good.
3. Social Engineering. This might be a little difficult to explain but if I need to explain it easily, it should be something to manipulate the victim to do something which normally the victim would not do. So for example, you received an email asking you to “urgently” change your password as it is “due” and if you don’t it now, your account will be locked and you will lose access to your email. Or you received an email from your “supervisor” suddenly urging you to quickly process a payment as there is a deadline? These are vey likely scams via Social Engineering. It is all about manipulation. If you receive such emails, you should stop, think through first before even reacting. The simple fact that they are asking you to do something which is not the norm should raise some red flags. Tricking users via social engineering can fit an entire encyclopedia so it is nearly impossible to list down everything. Please be aware of such scams.
4. Links & Attachments. These are usually where the payload lies. Could be attachments or even links to websites or links to some storage or anything. I would advise readers to double check (avoid would be a better word) before clicking on links in emails or opening up attachments. Even if they are supposedly harmless PDF files or image files. PDF files can have scripts embedded. And in those PDF files, they can also include links for anyone to click to the payload. For me I would never open attachments in emails if I can avoid it. As for links I will check with the sender to make sure the links are genuine. You can hover over an link in most email clients and most web based email service (including Gmail) to see where it leads you to. If you find it suspicious you should not click on it, especially if it comes out of the blue. There are also plenty of phishing sites where they will steal your login passwords. This is most likely how they stole those email accounts in the first place.
5. Language. If you are a native English speaker, you should be able to spot spelling mistakes or some strange wordings or sentences in the email. As if the sender does not have a good comprehension of the language. Of course I am not saying that scammers are always non-English speaking but the fact remains that a good portion of scammers are from poorer countries and they are targeting the rich(er) victims in the West. So if you are indeed receiving such an email email from let’s say – Microsoft, then it would be very suspicious to say the least. It is unlikely that an official email from your service provider or your bank or DHL to come with such strange wordings. Spotting such discrepancies is one way to spot scam emails.
6. Too good to be true. Come on, there is no way someone is going to send you 10 million dollars because of some screw-up in some far away bank you never even heard of. There is also no way some UN guy from somewhere is going to transfer you 5 million in cash via “diplomatic” courier service because some African prince died somewhere. There is also no way some lucky draw you never entered is giving you 10 million dollars and in no way are they going to give you that money just from email communication. These are all very likely scams. It might also not be wise to reply to such emails as well. Once you start replying, they will tag your email as active and most likely sell to other scammers. And please do not give anyone your personal information in such emails or on the Internet for that matter. Who knows what they will do with these information.

Hope that this helps you guys avoid email scammers and bad actors on the Internet. Take care bros!