Most people understand that cyberattacks are often conducted via email. However, few actually know how to successfully recognize common types of spoof emails. In this blog, we’ll break down a couple of examples.
5 Types of Spoof Emails We See all of the Time
It’s unfortunately easy for hackers to disguise emails to appear as if they’re from government organizations, such as the FBI or IRS. They’ll often claim that you need to pay money or provide sensitive information, because you’ve violated some law. Since nobody wants trouble with the government, many people get scared and act irrationally, falling victim to the scam.
Government organizations will almost never ask for personal information via email. Any requests like this come via physical mail. Even if you receive an email from a sender who knows some of your personal information, such as your Social Security Number, it is not necessarily legitimate.
2. Billing Issue
Another common type of spoof email is the billing issue, where you receive a notification from what appears to be a legitimate organization that a purchase you made was declined because your credit card was expired (or something similar). If you click the link they provide, you’ll be taken to a fake website, where you’ll be asked to re-enter the information or infected with a virus, like ransomware.
The best way to combat this scam is to never click the link provided in these emails. Instead, go directly through the institution who’s claiming to contact you. For example, if PayPal notifies you that you have an expired credit card, go to paypal.com to check. Do not click the link in the email.
3. Fraud Warning
Similar to billing issue spoof emails, you may receive an email that notifies you about a large purchase that has been made using one of your accounts or credit cards. They’ll provide you with a link to click and resolve the problem, where, again, they’ll steal your information.
Retailers are constantly sending out promotional emails for sales and giveaways, especially during the holidays. Hackers mimic these in an effort to scam unsuspecting victims.
A promotional email may be a spoof email if:
- It has a too-good-to-be-true discount/giveaway
- Links to a poorly-designed website
- Has an unusually high sense of urgency
5. CEO Fraud
With a quick Google Search, it’s not too difficult to find the names of the CEO and financial officers of most companies. Hackers sometimes use this information to impersonate corporate officers of companies, and then attempt to trick employees who work in accounting or finance to transfer money into their accounts.
If you receive a similar email, ask your manager or the individual the email appears to be from. Do not transfer the money without following up first.
There are tons of types of spoof emails out there. The best way to avoid them is to further research any email that seems even remotely suspicious. If you’re unsure about whether or not an email is fraudulent, always alert your IT team before clicking any links or attachments.