Almost 4 billion people around the world rely on email at work and school and in their personal lives. We use email to quickly communicate with anyone, anywhere, anytime. We learn about promotions from our favorite brands. Email is perfect for shooting a question to a coworker and chatting with your grandma across the country. However, cybercriminals like to take advantage of our reliance on email for their own gain.
As email’s popularity continues to grow, hackers keep coming up with new ways to launch attacks this way. Here are some of the most common types of email attacks and how to make sure you don’t fall victim to them
Phishing, a form of fraud, is when a cybercriminal tries to find out information like login credentials that could help them hack your accounts. They pretend to be a trusted person or source and try to get you to share sensitive information (financial or personal) or install malware onto your device (usually by clicking a link). The more targeted version of this scam, called spear phishing, targets you individually, customizing the fraudulent email to your interests or career.
Protect yourself against phishing by only opening emails you know are safe. If you don’t recognize the sender or email address, delete it right away. If the sender claims to be someone you know or trust, contact that person through another method to confirm it was really them before taking any action the sender asks of you in the email.
Pharming uses legitimate-looking websites to trick victims into giving up their personal information. For example, a cybercriminal might send you an email claiming to be from your bank, saying that you need to update your information. You click a link and are sent to a page that looks like the bank’s website (but isn’t). This is a quick way for hackers to gather a lot of credentials without raising much suspicion.
Make sure you don’t fall victim to pharming by always double-checking websites’ URLs. Before you enter usernames, passwords, email addresses, or any other personal data, make sure that the URL matches that of the legitimate website. It could be just one letter different, making it almost impossible to notice. You can also hover over the little lock in the search bar; if it doesn’t say “secure” or “encrypted,” get out of there.
Scareware is designed to scare you into taking action. The scammer makes you think that something is wrong and that doing what they say will fix it. Often scareware scams claim that you need to download a certain program to resolve a system issue, when in fact nothing is wrong and they are just tricking you into downloading malware or spyware, which they then use to steal your information. Criminals might also ask you to purchase their useless “solution” to get some quick cash.
Avoid scareware scams by doing some research if you receive an email like this. Did other people receive the same email? Was it reported as a fraud? Who is the person or company contacting you? Don’t be tempted to immediately click their links or send them money out of fear.