E-mail Scams : real time updated list

Due to their free and somewhat anonymous nature, emails are scammers’ most common way of transmitting fraud online.

To protect yourself effectively, it’s imperative to know the different types of scams that are propagated in this way.

The different types of email scams

Email scams can be classified into 3 categories.

Phishing: Identity theft

Phishing is unquestionably the most widely distributed scam via email: scammers pretend to be popular brands or organizations in order to retrieve your bank account information or your personal data.

To do this, scammers create fake websites that give you the impression of being the real thing using images related to the original organizations (Banks, taxes, energy suppliers, delivery services, etc.) and promote them through emails.

Scammers send these emails under the same excuses most of the time:

• Security breach risks (changes in legislation, potential hacking…)
• Expired bank account details
• A payment addressed to you is due
• Package retrieval fees
• Refund of an order

Once the victim clicks on the link in the email and enters their information on the phishing site, the scammer retrieves it and can use or resell it.

Advance fee scams

The main goal of these scams is to make you pay for services that pique your interest.

To make this scam come true, scammers will send emails that make you think that an exceptional opportunity is being presented to you. They will tell you tall tales about:

• Winning the lottery
• An advantageous loan being at your disposal
• A stranger who inherited a fortune and needs your help to benefit from it.

And on rare occasions, the email won’t be all sunshine and rainbows and instead you will be told that you’re being legally prosecuted. Once contact is established with the scammer, they will attempt to confirm the legitimacy of the story they’re telling you and then make you pay fees to benefit from it. They will mention application fees, customs, taxes or even fines… This is why they’re called “advance-fee” scams.

Fake promotions

These scams are usually filtered as spam but they are still ever present: You receive an email from a well-known brand (Amazon, Walmart…) presenting you with an amazing promotion on an item. Sometimes, they even say it’s free!
When you click the link, you are then taken to a website that functions somewhat like a phishing site: The brand’s logo is displayed and everything is done to make you enter your bank account details to purchase an item for dirt cheap.

If you enter your details, you won’t receive anything at all but you will most likely find yourself stuck in what’s known as a hidden subscription scam. You will be charged a dozen dollars every month…

Note: the majority of scams that come from emails are sent to victims haphazardly. They are SPAM mails sent in an overwhelming and random fashion which explains why some of them are completely irrelevant and mean nothing to you.

How do you know if an email is a scam?

To be able to tell if an email is a scam, you have to look for certain clues:

• The sender’s address
• The contents of the email
• The link

Analyzing the sender’s address:

As we’ve discussed previously, the majority of email scams usurp the identities of private or public brands/organizations. To avoid falling prey to these scams, you just have to verify that the domain of the sender is the same as the official brand/company/etc.

The domain name is the part right after the [@] and any dots [.]

Let’s take the example of a phishing email that usurps the identity of Walmart: mail@walmart.dyndns-mail.com. The domain name here is: dyndns-mail.com. If we look at Walmart’s official site, we’ll discover that the real domain is: walmart.com. So the first one is definitely a fraudulent email.

PS: This method works in the majority of cases (95% of the time), but not always! Sometimes you might get a scam email that shows the official address. This in fact, depends on the email your using (gmail, outlook, etc). For this reason, let’s look at other elements of the email.

The contents of the email: a lot of important details

The email’s contents are the text written by the sender and the attached files. There are several things you should focus on:

• Spelling mistakes.
• The quality of the pictures/logos
• Certain peculiar elements:
• The lack of symmetry between the content of the text and the attachment.
• The presence of images where text should be.
• Incoherent text.

Spelling mistakes: Less frequent but not non-existent.

Official emails do not contain spelling errors. So you won’t be seeing any spellings mistakes in emails from public institutions and “serious” private companies.

Note: If you have trouble with spelling and grammar yourself, don’t hesitate to copy the text in the email and paste it in an online correction site. Grammarly is an excellent example and is free to use.

The quality of the pictures

Whether they are part of the text in the email, or attached to it or found on a site you were led to by clicking on a link, the quality of a picture is a great indicator. If you find pictures that are heavily pixelated or poorly framed, then you’re face to face with the work of an amateur and you can ignore them.

Some curious particularities

You’ve probably seen an email where the text was super short and you were instructed to look at the attachment to find out what’s really going on.

This is the typical process of many email scams: by inserting the main information about the scam inside an attached file, the scammer manages to trick the anti-spam devices that emails services use. The latter analyze the texts of incoming emails to see if they should be classes as undesirable or not. If the text is inside an attachment, things become a lot more complicated…

In the same vein, another method consists of displaying the text within a picture instead. In this case, it’s undoubtedly a scam!!

Some scammers trick mailbox security systems in another way: they add text that has nothing to do with the fraud they want you to see. To do this they show you quality content at the very bottom of the email. To prevent you from seeing it, they type it in white: this way it’s invisible to you (white text on a white background) but it’s perfectly visible to the anti-spam systems that verify its quality.

Tip: Try to select the entire text of the email every now and then. If you can’t do it, then it’s a picture. If there’s some hidden text, it will be revealed once it is highlighted in blue…

The internal link: A very important detail

Unlike a sender’s address, it’s impossible to spoof a link. When you see one, you must analyze it because it’s the target destination towards which the scammer means to take you so they can get you.

To do this, you have 2 choices: either get the link by copying it or click on it to find out more. Contrary to popular belief, there is little risk in clicking on a link so long as the device you’re using is up to date. You must analyze the link in a similar way to the analysis we’ve discussed before: you have to verify that the domain is the same as the official site’s.

How to protect yourself from email scams?

Here’s some ways you can protect yourself from fraudulent emails:

• Know the scams that are going around through emails
• Know how to analyze emails
• Use a good mail service
• Use helpful dedicated tools

We already thoroughly discussed the first two points so let’s talk about the last two.

Choosing the right email service:

Despite its apparent simplicity, email services have a very important role to play in protecting their users. Every email that’s sent to you gets analyzed by a dozen of criteria, some of which are highly technical in nature. Depending on an automatically calculated trust score, the email is sent to your inbox or to the spam category.

It’s therefore essential to have an email service that’s well-equipped to play the role of gatekeeper. If you continuously receive scam emails, it’s very likely that your service is not made for it…

Note: Email services provided by telephone operators or managed by small companies tend be less capable than the free public services (gmail.com, outlook.com…).

Use dedicated tools to help you:

The majority of email analysis tools are geared towards technical aspects, with little interest in detecting scams. There is however a tool that you can use to see if a site/email is trustworthy: Scamdoc.com. All you need to do is enter the email address of the sender and you will get information about it.

Where to report a suspicious or fraudulent email?

When you receive an email and you think it’s suspicious or fraudulent, you can report it in 2 ways:

• Through your email service’s dedicated report button
• Creating a report using this form

Do you want to find out more about this type of scam? How about taking a look at the articles below? They have been specifically chosen by us.