Email-Based Scams Continue to Multiply – Here’s How to Protect Yourself


During the peak shopping season – Black Friday, Cyber Monday, Thanksgiving, Christmas and New Year – the scammers gear up for a killing!

But actually, whether or not it’s the holiday season, scams of all kinds are not only multiplying, they are becoming ever more sophisticated.

And the biggest prize for the hackers is getting hold of your username and password, especially if you use the same password on more than one account.

Always remember: your login credentials (username and password) are valuable to hackers because they can sell them on to other hackers. So they can still make money from them, even if they don’t use them to hack your account themselves.

So safeguard your login details with great care. I strongly recommend using a Password Manager to protect your login details and your accounts.

I also urge you to read about how identity theft screws things up – it’s important.

Here are two common methods that are used to get hold of your username and password details:

1. Phishing scams

Phishing scams are where the cyber-criminals trick you into revealing your login details to one of your online accounts: your bank account, your credit card account – in fact any of your accounts.

Email is the most common way the scammers set the trap.

The way it works is that an email message that appears to come from a service provider you use lands in your inbox, telling you that you need to take some urgent action – for example, that your account has been suspended and you need to log in to reactivate it.

For your convenience a link is included in the email – but don’t click it..!

Navigate to your normal login page and log in there. 99.99 times out of 100 you will find that, actually, everything is working perfectly normally.

The phishing email is very well branded (an excellent copy of the institution’s branding) and clicking the link will take you to a fake website page (which is also an excellent copy).

But the sole purpose of that web page is to collect your login details for the scammers, so don’t click the link in the email!

2. Purchase delivery notices

If you’re having any purchases delivered from Amazon (or any online retailer), watch out for emails that appear to give details of your delivery, or warn you that your delivery may be delayed.

These could look as though they come from wherever you made your purchase, or from FedEx, DHL, UPS or any delivery company, and they often contain attachments that are labelled ‘Delivery details’ or something similar.

The attachments contain nasty scripts, which are activated when you open them, so don’t..!

This is a great way for the scammers to get ransomware onto your computer.

It’s easy to fall for this trick – I very nearly did recently. I had ordered something but the delivery was late. Having contacted the seller I was assured that my purchase was on the way.

So when I received an update notification a couple of days later I opened it without thinking. The problem was that it did not relate to my real delivery – it was a phishing email that, coincidentally, arrived at a time that I was expecting a notification.

Only when I realised that the attached file, which I had been told to open for details, was a .js file (a JavaScript file) did I smell a rat.

Had I opened the attachment a virus or malware of some kind would have been dumped onto my computer. Possibly even ransomware.

So take great care when you open emails from delivery companies – delete any suspicious emails immediately and empty your recycle (or trash) bin while you’re at it.

Be extremely careful of opening any email attachments if you don’t know what they are, and always check and verify the originating email address before you do so.

Emails from people in your contact list

Even emails from your friends or contacts can be trojan horses if they include an attachment that contains malware.

If a hacker has managed to get access to your email address list, or the email address list of one of your friends, they can send emails that appear to come from one of your contacts – this makes you more likely to open them.

In fact, these emails come from the criminals who hacked your, or your contact’s, email address list.

It’s easy for them to falsify the name of the sender, but more difficult to falsify the originating email address.

Always check the sender’s email address (not just their name) before opening any emails that contain attachments.

If the email comes from someone you haven’t heard from in a while you can also message them via WhatsApp, or whatever you use, to ask if they’ve just emailed you.

If your email client doesn’t display the sending email address by default – webmail applications such as Gmail don’t – you can hover your cursor over the sender’s name and the sending details will be displayed.

It’s good safety practice to make sure you know how to see and verify the sending email address, so take care of that now, before you’re hit with a scam.

Long story short: treat any emails that come from senders with whom you don’t normally interact, with great suspicion.

Self-protection checklist

Remember these self-protection steps:

  1. Safeguard your login details with a password manager
  2. Never click any links in emails that tell you there’s a problem with your account – go to your normal login page to log in
  3. Be extremely careful of opening any email attachments unless you know what they are. If in doubt, check with the sender
  4. Check the sender’s email address even when emails come from people you know, especially if you haven’t heard from them in a while
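
The checklist above can also be applied mechanically to a saved message. The sketch below is an added example, not part of the original article: it compares the sender's name with the address you have on file, flags script attachments such as the .js file described earlier, and lists links that lead away from the sender's domain. The `triage` function, the contact map, the extension list beyond .js and the sample message are all assumptions made for illustration; it reads the From header as written and does not verify it.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: extensions treated as risky; the article itself only names .js.
RISKY_EXT = (".js", ".jse", ".vbs", ".wsf", ".hta", ".scr", ".exe")

# Constructed sample message; every name, address and URL is a placeholder.
SAMPLE = """\
From: "Alex Friend" <alex.friend@mail-update.example>
Subject: Delivery details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your account is suspended. Log in at http://secure-login.example.net/reactivate
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Delivery details.js"

placeholder
--b1--
"""

def triage(raw, contacts):
    """Return warnings for one raw message; contacts maps lowercased name -> address on file."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    on_file = contacts.get(name.strip().lower())
    if on_file is None:
        warnings.append("unfamiliar sender: " + addr)
    elif on_file.lower() != addr:
        warnings.append("name matches a contact but address does not: " + addr)
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXT):
            warnings.append("script or executable attachment: " + filename)
        elif not filename and part.get_content_type() in ("text/plain", "text/html"):
            for url in re.findall(r"https?://[^\s\"'<>]+", part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                if host != domain and not host.endswith("." + domain):
                    warnings.append("link leaves sender's domain: " + host)
    return warnings
```

The link check is a heuristic: legitimate mail often links to other domains, so treat that warning as a prompt to go to your normal login page rather than as proof of a scam.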

Stay safe,

Martin Malden
Owner – WP Security Basics
