5 Common Email Scams and How to Guard Against Them

Written by Anika Arvanitis, Altair Intern

Altair previously wrote about proactive measures for safeguarding your personal data along with a three-part series of articles, “Staying Safe on the Internet.” We revisit this important topic with a look at today’s most common email scams.

Most of us think we can spot an email scam, and the scammers are profiting handsomely off of our confidence. In 2018, Americans lost $1.48 billion to scammers, a 38% increase over the previous year. Contrary to popular belief, people in their 20s are the most likely to fall for a scam and accounted for 43% of victims in 2018. Even well-known scams can still make money: the Nigerian prince scam, one of the oldest and most infamous, made fraudsters over $700,000 in 2018.

While no safeguard can guarantee your security, there are best practices to help protect against email scams and identity theft. Even simple steps, such as typing in browser addresses rather than clicking links in emails, can go a long way toward preventing scams. Here, we present five of the most common email scams, how to spot them and how to keep friends and family safe.

1. Phishing or Spoofing Scams

In a phishing email, a scammer attempts to infect your computer by tricking you to click on a link or attachment containing malware – software that is designed to disrupt or damage a computer system and can be used to steal personal information. Scammers make their emails appear official and urgent, perhaps warning of an unauthorized transaction that requires immediate attention.  Another common phishing email appears to be from a charity or political thinktank and asks you to take a brief survey. The result is always the same: As soon as you click the link or open the attachment, malware is installed on your computer.

Although spoofing and phishing are often used as synonyms, in a spoof, a scammer attempts to steal information, most often financial information and passwords, not upload malware. Like phishing emails, spoofed emails often look official, come from well-known companies and include links to a company website. The common theme is that the link directs you not to the real website but instead to a replica. Anything you type on that website, such as your log-on information, will be sent to the scammer.

Spotting a phish or spoof

If you suspect an email, hover over the sender’s email address and verify that it is from the correct domain. Be suspicious of emails that address you as “valued user” or “member” rather than by name because this suggests that identical emails have been sent to thousands of people. Large companies like PayPal will usually not have typos or grammatical errors in their emails. Finally, hover over links before clicking and be cautious if the link is short or uses http:// rather than https:// – missing the all-important “s” at the end. The “s” stands for “secure” and shows that the website uses Transport Layer Security for establishing an encrypted connection between a web server and a browser.

market monitor

Image from imediavan

2. Advance Fee Scams

These scams start by offering something suspiciously alluring such as a lottery grand prize, a high-paying job working from home or a new credit card with phenomenal terms. The only catch is that there is an advanced fee. After you pay this fee, the scammer disappears with the money or, worse, reappears under a new name as an attorney investigating the original scam and again asking for a small payment in exchange for their services.

Spotting an advance fee scam

If it sounds too good to be true, it probably is. When in doubt, double-check that the address and phone number in the email match those of the organization online. Consider calling the organization and requesting more information. But be sure to use the number you separately search for online or you may find yourself talking to the scammer.

3. Overpayment Scams

This scam can surface when you sell something in an online auction or through a classified ad posting. A scammer sends you a check for more than the requested amount in exchange for your item. They ask that you send back the excess in cash, along with whatever they purchased. A few days later, the check bounces and you have lost the cash you sent back. This scam relies on you sending money before you realize their check is fake.

Spotting an overpayment scam

Always put yourself in the other person’s shoes: Would you ever send a legitimate check to a stranger and trust them to send back the excess in cash? If not, then why would they?

4. Debt Collection Scams

You receive what appears to be an official email from the Internal Revenue Service  warning you that you will be arrested and jailed if you do not pay off your debt, even though you may not have debt at all. Often, they request payment in the form of gift cards.

Spotting a debt collection scam

The IRS will never demand immediate payment and does not initiate contact via email without your consent – it will always mail a letter first. Further, the IRS will never require a specific method of payment, such as gift cards. When in doubt, contact the IRS after first reviewing their descriptions of scams and payments on their website.

5. Grandparent Scams

A friend or family member claims they have been arrested or trapped abroad and need money to get  home. In reality, no one is in danger. The scammer hopes the thought of a loved one trapped in jail or abroad will make you send the money before double-checking. Grandparent scams are thus named because the supposed victim often is a friend of a grandchild and these scammers target grandparents. At its simplest, the scam also could be just a request for money purporting to come from a beloved grandchild – no danger mentioned.

Spotting a grandparent scam

Always confirm the situation before you send anyone money. Also, be sure to hover over the name of the person who sent you the email; scammers often make the address appear to be a familiar name but, when you hover over it, you will see the real address does not belong to someone you know.

Protecting yourself from scams

There are many simple ways to protect yourself from scams, such as a fraud alert, which requires a business to verify your identity with one of the biggest nationwide credit bureaus (Equifax, Experian or TransUnion) before opening a new account, issuing a new credit card or increasing your credit limit. Check that your passwords follow FTC guidelines for strength and consider using a password manager (see our recommendation).  Also consider automatically updating software, as this can protect you from malware. Finally, be extremely wary of sending financial information via email; legitimate companies generally will not ask for Social Security numbers, credit card numbers, bank account numbers or passwords via email.

What to do if you have been scammed

If you realize that you have been scammed, do not panic. There are five steps you can take to protect your credit score and finances.

  1. Report the scam to the FTC, FBI and your state’s attorney general and file a complaint with the Internet Crime Complaint Center.
  2. Consider a credit freeze, which can prevent scammers from accessing credit files and opening accounts but cannot prevent them from using existing accounts. Contact each of the major credit bureaus to place a freeze on your credit: Equifax (800-685-1111), Experian (888-397-3742), Innovis (800-540-2505) and TransUnion (888-909-8872).
  3. To keep friends, family and coworkers safe, warn them that your accounts have been hacked and to be wary of any messages they receive from you. Some of the most difficult scams to spot are when the fraudsters take over your email inbox and send emails to your contacts, who have no way of knowing it is not you because it is actually from your email address.
  4. Cancel any compromised credit cards and update your passwords.
  5. Finally, remain educated about new scams by following the FTC’s scam alerts.

The material shown is for informational purposes only and should not be construed as accounting, legal, or tax advice.  Altair Advisers LLC is a registered investment adviser with the Securities and Exchange Commission; registration does not imply a certain level of skill or training.  While efforts are made to ensure information contained herein is accurate, Altair Advisers cannot guarantee the accuracy of all such information presented.