Don’t underestimate spam emails. Cybercriminals are getting more creative with how they hide phishing attempts in messages nowadays. Phishing is simply a social engineering attack which involves sending fraudulent messages purporting to be from a legit source. Even tech-savvy people can fall for these attacks.

Although mailing service providers filter spam emails by default, you’d do well to assess your inbox manually. Some attacks could still fall through the cracks, after all. So how do you spot a phishing (i.e., fake) email? What should you look out for?

 

1. Unusual Contact Information Updates

Brands sometimes ask customers for information updates via email. They could remind you to change your password, provide a secondary phone number, or add a new security question. Many messages link to new login pages.

Although contact information updates are normal, watch out for fake requests from hackers. They look legitimate at a glance. You’ll have to scrutinize messages for inconsistencies—which seldom appear on authentic update prompts.

Let’s examine the above spam email. Considering the multiple grammatical errors, incorrect logo design, generic greeting, and fake sender verification, it’s likely a phishing attempt.

If you have doubts, visit the business website yourself via another tab, browser, or device. Cybercriminals will only get your login credentials if you enter them through their phishing links.
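As an added illustration (not part of the original article), the Python sketch below checks a message for two of the signs discussed here: a generic greeting and a link whose domain does not match the sender's. The sample messages, the `.test` domains, and the function names are constructed for this example, and the checks are simple heuristics rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\s+(customer|user|client|member|sir|madam)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def base_domain(host):
    # Simplification (assumption): keep the last two labels.
    # Production code should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def text_body(msg):
    # Collect every text/plain part, whether or not the message is multipart.
    parts = (p.get_payload(decode=True) for p in msg.walk()
             if p.get_content_type() == "text/plain")
    return "\n".join(b.decode("utf-8", errors="replace") for b in parts if b)

def phishing_indicators(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    body = text_body(msg)
    findings = []
    if GENERIC_GREETING.search(body):
        findings.append(("generic_greeting", "no personal salutation"))
    for url in URL.findall(body):
        host = urlparse(url).hostname or ""
        if base_domain(host) != sender:
            findings.append(("link_domain_mismatch", f"{host} is not under {sender}"))
    return findings

# Constructed sample messages (not real emails).
SUSPICIOUS = """\
From: "Example Bank Security" <notice@example-bank-alerts.test>
Subject: Update your contact information

Dear Customer,
We was unable to verify you account. Update you details here:
http://login.example-bank.verify-session.test/update
"""
LEGITIMATE = """\
From: "Example Bank" <notice@example-bank.test>
Subject: Your statement is ready

Hello Jordan Lee,
Your statement is ready. Sign in at https://www.example-bank.test/ as usual.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw))
```

A clean result does not prove a message is safe; a well-written phishing email can pass both checks, which is why visiting the site yourself remains the safer habit.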

 

2. Casino or Game Payouts

While there are several legit online casino games, there are also many shady betting sites owned by hackers. They email fake payouts to random people. If you click on their links, they’ll ask for your banking details so that you can supposedly withdraw your “earnings.”

The above message looks neat. It uses a simple layout, the body has proper grammar, and the timestamps are accurate. You won’t notice it’s a scam right away.

But as a general rule, avoid clicking links for unsolicited payouts. No online casino sends random payouts—especially to cold leads with no gaming accounts.

Upon further inspection, you’ll see that Big Dollar Casino has a terrible reputation. Some say it runs a legit online casino, but its involvement with phishing links, data breaches, spam messages, and withheld fund withdrawals will make you think otherwise.

 

3. Appointment Invites for Government Programs

Never accept appointment invites discussing government programs like grants and relief services unless you personally applied for them. Otherwise, you might fall victim to identity thieves. They take advantage of the needy by pretending to offer relief services and then stealing their personal information.

Take the above email as an example. It doesn’t have a personal greeting, the introduction looks unconvincing, and social workers rarely ask applicants to call them. It’s a scam. Only contact government departments and agencies through their public hotlines.

 

4. Random Prize Draws

Many social engineering attacks involve rewards. They use false promises and made-up prizes to trick recipients into divulging personal information. The sender often impersonates legit brands.

Let’s check the above example. It doesn’t seem suspicious since it comes from a real company domain, but Gmail filtered it as spam for abusing rewards.

Not all incentives are cyberattacks. However, you should never click on links or download attachments in emails, regardless of the indicated email sender. If you want to create an account, visit the company’s website directly. That way, even if the email is a phishing attack, the criminal behind it can’t capture your information.

 



Jose Luansing JR, “What Does a Spam Email Look Like?” makeuseof.com, Aug 19th, 2023