How to identify email scams?

Scams in emails continue to fill inboxes. (Source – Shutterstock)

Detecting scam emails isn’t complicated if users know what to look for

Scam emails continue to infiltrate inboxes despite companies installing various spam and threat detection software on their emails. While some email service providers have come up with measures to flag emails that can be harmful, many are still bypassing these tools and making their way to users.

In fact, there is an estimated 3.4 billion spam emails sent out every day. Google, which is also one of the biggest email service providers in the world, blocks around 100 million phishing emails daily. Statistics also show that over 48% of emails sent in 2022 were spam.

In the US, an FBI report stated that Americans lost US$10.3 billion to internet scams in 2022. The report also indicated that 300,497 phishing victims were reporting over US$52 million in losses as well.

According to findings from a report by Acronis, phishing is the primary method criminals leverage to unearth login credentials. In the first half of 2023 alone, the number of email-based phishing attacks in scam emails has surged 464% when compared to 2022. Over the same frame, there has also been a 24% increase in attacks per organization.

In the first half of 2023, Acronis-monitored endpoints observed a 15% increase in the number of files and URLs per scanned email. Cybercriminals have also tapped into the burgeoning large language model (LLM)-based AI market, using platforms to create, automate, scale, and improve new attacks through active learning.

Cybercriminals use scam emails to target victims whose credentials have been compromised. In most cases, the emails can be quite personal, making the receiver unaware that the email is actually harmful. Apart from that, email scams are also targeting users by sending out password reset emails. These are sent to personal and work emails as well as generic emails.

Clarifying email scams from Microsoft

A Tweet by Microsoft on email notifications.

Identifying scam emails 

MailGuard, an Australian tech innovator that provides enterprise-grade protection against email scams and other security threats reported how they were blocking a phishing scam that was impersonating DHL in an email, which is likely from a compromised account.

Recipients that click on links to access the attachment are directed to a phishing site that has been designed to look like a Microsoft SharePoint page. The recipient is then asked to enter their email address and password in order to access protected documents.

Tech Wire Asia continues to receive email scams requesting passwords to be reset as well. In fact, we receive almost 50 such emails on a daily basis. While most of them end up being flagged as spam, a few emails make it through to the inbox.

The example below show two different types of emails requesting for the passwords to be reset. It is always important to note the sender’s address as that will be the first indicator if an email is a scam or not.

Example of scam emails

An example of a scam email sent to Tech Wire Asia.

The next indicator is to check if the email is addressed to the recipient by name. A legitimate email would normally address a user by their credentials. A phishing email will only address the recipient as “Dear user” or even with the wrong name.

Check the content

It is also important to check the language being used in these emails. In the past, cybercriminals do not have a strong command of the language and often make plenty of grammatical errors. However, some of them have taken the initiative of getting ChatGPT and other AI tools to help them draft an email that does not only contain grammatical errors but also can sound more professional and genuine.

Some email scams are from companies that users have never been associated with as well. These are clearer indicators that the email is a scam and should be deleted immediately. The problem for most users is the curiosity that comes with knowing the content of such emails.

Language in scam emails are bad.

Another example of a scam email sent to Tech Wire Asia. Take note of the sender email.

For example, an email from a particular brand offering special discounts on products. Some users might be tempted to open the email and share their particulars just to get a coupon code that can be used to redeem more discounts and such. However, what they don’t realize is, once their credentials are entered, they are literally opening the door to cybercriminals.

Also, the landing page or website from these email links will not have the legitimate URL of the company. This is why users need to make sure they check the spelling of the websites and the webpage itself. If it does not look accurate, it’s most likely a phishing site.

As email threats have become increasingly sophisticated, organizations need to implement robust email security systems to protect their data and their reputation. Businesses should consider an email security solution that offers integrated threat protection across apps, devices, email, identities, data, and cloud workloads.

While there are many email security solutions in the market, the bottom line is that it all goes down to the user. Humans remain the weakest link in cybersecurity, especially when it comes to scam emails. It will only continue to remain as such if the attitude towards emails is not changed. Be it housewives, students, employees, or even CEOs, a simple check on the email sender can make a big difference.