Email scams have become increasingly common each year in the United States and for most people and businesses email is an extremely vulnerable point to target.
They are designed to deceive recipients into providing sensitive information, downloading malware, or sending money. Even the City of Tulsa was recently targeted by an apparent email hacking scheme that cost the city $191,972.52.
Related Story: Tulsa Reports Loss Of Nearly $200,000 From Email Hacking Scheme, FBI Investigating
Recognizing the tactics is a key element to preventing a compromising situation. Always be cautious when opening unsolicited emails or clicking on unfamiliar links.
Lori's Crime Tips
Here are 11 common tactics used in email scams:
Phishing
- How it Works: Scammers send emails that appear to be from legitimate organizations (banks, retailers, government agencies) to trick recipients into providing personal information, such as passwords, credit card numbers, or Social Security numbers.
- Tactics:
- Urgent requests to "verify" or "update" account details.
- Fake login pages that imitate legitimate websites.
- Alarming subject lines (e.g., "Your account has been hacked").
Spear Phishing
- How it Works: This is a targeted form of phishing where scammers personalize the email, addressing the recipient by name or referencing specific information (like their job or organization).
- Tactics:
- Pretending to be a colleague, boss, or friend.
- Asking for sensitive work-related data, like client information or internal documents.
- Requests for wire transfers or payment to a vendor.
Business Email Compromise (BEC) attacks
- How it Works: Scammers impersonate a high-level executive or a trusted vendor to trick employees into transferring funds or providing sensitive company information.
- Tactics:
- "Urgent" emails from the CEO or CFO requesting an immediate bank transfer.
- Posing as a vendor with new payment instructions.
- Instructing employees to purchase the gift cards.
Fake Invoice Scams
- How it Works: Scammers send fake invoices that appear to come from legitimate companies, hoping the recipient will pay without verifying the charges.
- Tactics:
- Sending an invoice that looks legitimate but refers to a service or product that was never purchased.
- Pressuring the recipient with overdue payment reminders.
Lottery and Prize Scams
- How it Works: Recipients are told they've won a lottery, prize, or sweepstakes they never entered, and must pay a fee to claim their winnings.
- Tactics:
- Offering large sums of money, vacations, or expensive items.
- Requesting payment for "processing fees" or "taxes" to release the prize.
- Asking for personal details like bank account numbers or home addresses.
Tech Support Scams
- How it Works: Scammers pretend to be tech support from well-known companies (like Microsoft or Apple), claiming there's a problem with the recipient's computer that needs immediate attention.
- Tactics:
- Offering help to fix a "virus" or "malware infection."
- Asking the recipient to install remote access software, allowing scammers to take control of the device.
- Charging fees for unnecessary "fixes" or stealing personal data.
Advance-Fee Fraud (Nigerian Prince Scam)
- How it Works: Scammers claim to be a foreign dignitary, wealthy individual, or government official needing help to transfer money out of their country in exchange for a share of the fortune.
- Tactics:
- Asking for bank details or upfront payments to cover "processing fees" or "legal costs”
- Promising a large sum of money if the recipient helps.
Malware and Ransomware Links/Attachments
- How it Works: Emails contain malicious links or attachments that, once clicked, download malware to the recipient’s device, giving scammers access to files and personal data.
- Tactics:
- Sending fake invoices, order confirmations or shipping notices with infected attachments.
- Embedding malicious links that look like legitimate URLs.
- Using zip files or PDFs that hide malicious software.
Charity and Disaster Relief Scams
- How it Works: Scammers take advantage of natural disasters, crises, or other tragedies to solicit donations for fake charities.
- Tactics:
- Using emotional stories to encourage recipients to donate.
- Setting up fake donation sites that look real.
- Requesting donations via wire transfer, gift cards, or cryptocurrency.
Fake Job Offers
- How it Works: Scammers send fake job offers or listings, asking recipients to provide personal information or pay for training, equipment, or background checks.
- Tactics:
- Offering high-paying jobs with little or no qualifications required.
- Requesting upfront fees for background checks, certifications, or supplies.
- Asking for Social Security numbers or bank details to "set up direct deposit."
CEO Fraud
- How it Works: Scammers impersonate the CEO or other high-ranking executives to convince employees to wire money or share sensitive data.
- Tactics:
- Spoofing the CEO's email or using a similar domain name to the CEO.
- Marking emails as "urgent" and asking for quick transfers.
- Often targets the finance or HR departments.