Online Security

Five Fingers of Email Scamming

Story Highlights
  • What is scamming? How does it work?
  • Difference between scam and spam
  • Types of email scams
  • Phishing
  • Marriott Hotel incident
  • Job scams
  • Lottery scams
  • Online shopping scams
  • The Nigerian Prince scam
  • The end

Online scamming is one of the most popular methods that con artists and hackers use to trick people into giving away their sensitive information. However, even though these scams have become outdated and widely used, most people still fall victim to them. That’s because they are unfamiliar with online threats.

Know your enemy,” said Chinese general, military strategist, and philosopher Sun Tzu in his book The Art of War. If you know the ways of scammers and hackers, you’ll be able to protect yourself better. That way, you can recognize an online scam when you see one, and you’ll know how to defend yourself against it.


Content Overview


How Does Scamming Work?

A lot of what people know about hackers usually comes from movies. Online users who don’t keep up with online security news imagine hackers as people who wear glasses and hoodies, sit in a dark room, and type rapidly on their keyboards.

A few seconds later and one the most cliche lines in the movie business pops up: “I’m in.” But in truth, this is far from reality.

In the real world, hackers require your login credentials before they can access your accounts and steal your information and money. In other words, they need your email and your password, and they can use several means to get their hands on them.

Hacking and Scamming Methods

A lot of people use their birthdays, pet names, favorite hobbies, and such as a password. Hackers can gather this kind of information from social media accounts like Facebook or Instagram and try to guess your password.

Another method is to buy sets of emails and passwords from other hackers, who have obtained them by hacking popular online services. Then, cybercriminals will use the email-password combinations on several accounts in an attempt to force their way in.

Moreover, hackers can exploit the code of various systems, find vulnerabilities, and install back entries to keep stealing data. However, most of the time, they will find an extensive collection of emails and try to contact their owners directly. I’m sure one of those emails found its way to your mailbox. The same thing happened to me. And that’s what we call a scam.

Scammers will try to trick you and extract information, money, or whatever else seems valuable to them. They usually promise a large amount of money in exchange for your help or offer fantastic opportunities.

Over the years, a lot of people have learned not to trust such offers, but there are still many who get tricked because they simply do not know how scams work.

Given that we are all exposed to online scams daily, I will try to explain some of the most common online scams, and how you can detect them.


Scam vs. Spam: What is the difference?

Before I move on to the scamming attacks that you might encounter in your email inbox, I should first establish the difference between scams and spam.

Simply put, spam is a message that is sent randomly to large numbers of people, mostly via email. Spammers collect email addresses from various sources, including websites, newsgroups, chat rooms, customer lists, and more. Several parties use spam or junk email, from advertising companies to scammers themselves.

These emails are mostly used for commercial purposes but could be very annoying and dangerous. They can contain malicious external links and lead to phishing websites. Spammers do not know who they are contacting, and their only goal is to deliver enticing messages to as many people as possible.

Scams

Scams are fraudulent schemes and tricks that usually aim to get the victim’s money or data. Simply put, online fraud is what happens when you become a victim of spam. That is why scammers and spammers are often tightly connected in the minds of internet users. In truth, however, spam is only one of the tools at scammers’ disposal.

Scammers can send spam using malicious software known as adware. Adware sends ads to large numbers of people automatically so that the scammer doesn’t have to do all the work himself. 

Another method is hacking unprotected online servers that websites use to store user details like emails and such. Once they collect all the emails on these servers, they’ll send spam messages to every person who visited the website.


Email Scams

Now that you know the difference between scams and spams, let’s list some of the top email scams that you may encounter in your inbox:

  • Phishing
  • Job Scams
  • Lottery scams
  • Online Shopping Scams
  • The Nigerian Prince Scam

Note that these are not the only scams out there, but they are among the most popular ones. Therefore, you should form an idea about these fraudulent schemes to avoid falling for one of them.


Phishing

The term phishing describes an attack that scammers and hackers often use to steal their victims’ login credentials. These attacks are straightforward in concept. Cybercriminals just have to create a fake web page that looks similar to a real service’s website.

Let’s say, for example, that they want to trick you into revealing your PayPal credentials. They would create a login page that looks exactly like the one PayPal uses. After that, they contact you via email to notify you that there’s something wrong with your PayPal account or funds. The email will most likely contain a link that leads to a fake and malicious login page.

Their goal is to scare you into clicking on that link to see what the problem is and fix it. If you do, then say goodbye to your PayPal account details. These scammers will collect the information you input as soon as you type it. A similar attack targeted nearly one billion Gmail users recently, according to reports.

Scammers can also trick you into revealing your credentials by pretending to be employees of a legitimate service. They’ll feed you a fake story about your account balance or something and tell you that they’ll handle the problem personally. And after you give them your private and sensitive data, they’ll clean out your account.

You must keep in mind that legitimate companies like PayPal, Google, or even traditional banks would never ask such personal information in an email.


Information Hackers Might Ask For

Cybercriminals will try anything to fool you into giving away your sensitive data. That includes:

  • Usernames and passwords.
  • Social Security numbers.
  • Bank account numbers.
  • PIN (Personal Identification Number) codes.
  • Credit card numbers.
  • Your mother’s maiden name.
  • Birthdays.
  • Your first and last name.

The fact that real companies and banks would never ask for such data makes this form of phishing attacks relatively easy to recognize. Even so, you must always be on the lookout.

Also, note that real banks and companies might send you an email to warn you if they detect a large-scale phishing attack of this kind.


Phishing Countermeasures

If you’re not sure whether the email you received is legitimate or a scam, use the below pointers to find out:

  • Carefully check the email address of the sender.
  • Compare the email address to the official email of your bank. Make sure that it is correct, as sometimes the differences can be very subtle. Scammers might put ‘0’ instead of ‘o,’ which can be challenging to spot if you are not thorough.
  • If Google detects that there is something suspicious about the email, it might issue the following warning: “Be careful with this message. It contains content that’s typically used to steal personal information.” 
  • Avoid clicking on any links that you receive via email. Instead, visit the service’s website via browser or type in the correct URL yourself.
  • Check if the sender addresses you by name, or not. As mentioned, scammers often send generic spam emails, which means a lot of people receive them. They might direct you by “Dear Customer,” or alike.
  • Check grammar and spelling. Hackers often do not care much about proofreading their emails, so you are likely to find a few grammar mistakes that official services would never allow.

Hopefully, you now have an idea about phishing, its dangers, and how to avoid them. Hackers will most likely target your password, as they can easily steal most other information themselves if they can access your accounts. This is why you must have a long, robust password that’s hard to crack.

Sometimes, scammers and hackers might target employees of companies. If they manage to trick only one of them into giving away their credentials, they can access the company’s business network. Then, a simple phishing attack could lead to a much greater hack.


Mariott Hotel and Other Victims

This reminds me of the Marriott Hotel chain attack that was discovered last year. Hackers managed to infiltrate the system and remain undetected for years until 2018. During that time, they accessed the data of as many as 500 million guests. They stole all of the stored data, including passport and credit card information.

“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

Arne Sorenson, President and CEO of Marriott International

In fact, some estimates say that around 95% of all successful attacks on companies start with spear-phishing. which is when hackers target a specific group of people, such as company employees.

As for this year’s statistics, researchers say that the average financial cost per data breaches is $3.86 million. Meanwhile, phishing attacks are responsible for up to 90% of data hacks, and their popularity among cybercriminals is growing. According to a report from 2017, around 1.5 million phishing sites are created per month.

In 2019 so far, there were as many as 11,475 supposed phishing attacks in the last seven months. Only 1.9% of them were successful, but they still resulted in a loss of $606,262 in total.


Job scams

If you tried to find a job online, you had to post some personal details as part of your resume. It doesn’t matter if you did it on a well-known site or a shady one. Scammers will comb through all of them while looking for victims. Once they have your contact information, they will try to contact you with promises of large salaries, short working hours, great benefits, and such.

They often claim to represent a company from another country, probably an unknown firm. Although, there have been some cases where scammers pretend to be representatives of well-known corporations like Apple.

They might also claim that they are having problems with money transactions and that they would like for you to handle their payments, in exchange for a percentage, of course. Then, they’ll ask for your bank account number so that they can pay you. And before you know it, they’ll steal your money and possibly empty your account.

You can easily recognize these scams, as they offer little details, their stories are always complicated, and they are never clear and direct with what they want. All they mention is that this will be an excellent opportunity for you to do little and earn a lot in the process.

In 2019, there were 1,352 reported job scams, 16.9% of which were successful, with victims losing almost $1 million in total. There were almost twice as many scams of this type in 2018, with $2.5 million lost in total.


Lottery scams

Similarly to job scams, these criminals would contact you with fake claims. This time, you will discover that you somehow won large amounts of money in a lottery you didn’t participate in, probably also a foreign one. 

And, once again, all they need is your bank details, maybe a name, address, or something like that. This is a bit easier to spot, as none of us are lucky enough to win a random lottery that we never took part in. Other signs that this is a scam include details such as:

  • The sender is someone and not an organization.
  • They don’t mention your name.
  • The fact that the lottery itself does not exist (can be quickly confirmed via a quick Google search).
  • They need suspicious information, such as credit card numbers and such.

This year, there were 4,048 reported scams, with 3.9% of them resulting in financial losses. In total, that is around $954,112. So, nearly a million dollars was lost to fake lottery scams, which serves to show just how gullible people can be.


Online shopping scams

If you like online shopping, and you start getting offers that are too good to be true, then chances are this is a scamming attempt. This type of scam can have several methods, but they all result in stealing your money and/or data.

Often, you would get some strange offers that will allow you to earn while you are shopping online. However, there are a few conditions, such as paying upfront to get some sort of training.

Alternatively, the scammer might ask you to provide your address and details, promising that they would send you a check or some materials necessary for your ‘work.’ In return, you must send some money back to cover the materials they will provide. 

If you do so and still receive a check, you’re going to have a hard time cashing it because it’s fake. But the worst thing is that you won’t be able to get your money back.

In 2019 so far, there were 4,587 reports of this type of scam, with nearly $2.5 million lost, in total. That is the result of 61.9% of scams that ended up being successful, which makes this one of the most prominent ways of tricking people.


The Nigerian Prince Scam

There are many other types of fraudulent schemes out there, such as the Nigerian prince scam. This is a well-known trick from years back, where someone claiming to be a Nigerian Prince with financial issues promises to repay people if they help him out by sending money. 

Scammers would claim that they inherited $100 million, or some similar large amount. Unfortunately, they need the victim’s help to get that money. They’ll often ask for a small sum to get the procedure started, and promise a large chunk of the ‘inheritance’ as a reward.

Of course, this has all the signs of a scam. The story itself is quite farfetched, and the fact that a Nigerian Prince is contacting you asking for a loan is absurd. Still, many do not expect email scams; good people who make a mistake in their desire to help others. 

This scam inspired many others, although the new ones are only slightly more believable. Back in 2008, an Oregon woman lost $400,000 to a scammer who pretended to be her long-lost cousin. The ‘cousin’ promised $20.5 million in return if the woman helped him out with a little money upfront. 

These, and other chain email scams were quite popular about ten years ago, but one of them might still end up in your inbox. Nigerian Prince scams were responsible for 341 attacks in 2019, and as much as 20.2% resulted in financial losses. In total, scam victims lost $536,972 this year.

Given how common and well-known this particular type of scams are, many have learned to spot them with ease. A lot of people had even gone on the counter-offensive. They started trolling the scammers, just for fun.


Final thoughts

Email scams are widespread and pose a real threat these days. There will always be scammers and hackers who wish to steal users’ money and data. And at the end of the day, that’s the only thing that matters to a cybercriminal: Profit.

While some of the scams I mentioned might be more than obvious to you, there are still people who fall for them. The stolen figures that I highlighted above prove it.

This is why it is crucial to get familiar with these attacks and know the scamming methods. That way, you will be ready if someone tries to pull one of those tricks on you. If that happens, you can report them, or you can troll them yourself for a bit and give them a small taste of their own medicine.

Have you ever encountered any of these scamming attempts in your inbox? Tell us all about it in the comment box below.

Ralph Peterson

Ralph was bitten by the tech bug from an early age. Today, he is an expert cybersecurity geek with 13+ years of online privacy and streaming experience under his belt. Spoiler alert: He hates bottled TV show endings (Game of Thrones) and whenever his favorite teams lose.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button