This article was reviewed by Jay Brecknell, CFP®.
Are you practising good cyber security habits? Email scams are on the rise, and with the holidays fast approaching, making sure your cyber security habits are in good shape is crucial for protecting your finances.
As technology advances, scammers have more tools and information at their disposal to make fake emails appear real. Scams are rarely as obvious as a Nigerian prince asking for your bank credentials so he can send you $2 million; they can be very advanced and realistic. It’s easy to think you would never fall victim to a scam, but it happens to everyone, and we mean everyone.
The good news is, there are ways to protect yourself. Having good cyber security habits will go a long way in keeping you, your identity, and your finances safe from scammers.
Here’s what we are going to cover:
- Common email scams to watch out for
- Holiday season specific scams
- Advice for recognizing a fraudulent email
- Advice for protecting yourself from scammers
- What to do if you fall for a scam
Common email scams to watch for
When it comes to scams, just knowing about common tactics and trends can protect you. The more aware you are of the types of scams currently running, the more likely you are to avoid falling prey to one.
Phishing
Phishing is a form of scamming where the intent is to obtain your sensitive, personal information. Usernames, passwords, credit card numbers, bank account information, and social insurance number—these are all types of information that scammers are after. With this, they can commit identity theft, make purchases, or make withdrawals from your bank account.
- Scammers will often attempt to imitate a trusted source—such as a popular retailer, your bank, or a service provider such as your cell phone company
- Emails generally contain a link that will either install malware onto your computer, or have you sign in to a fake website designed to give the scammer access to your personal information
Spear phishing
Spear phishing is a form of phishing that uses personal information about the targeted victim to make the phishing emails seem more realistic. These targeted attacks are often committed against more prominent individuals, but can be committed against anyone. Social media and even a Google search are easy sources of information where scammers can get insight into your friends, social activities, hobbies, etc., which can make creating convincing email scams easier.
Whaling
A form of phishing, whaling is a targeted scam attack on senior executives with the aim of either accessing secure information or having them send a wire transfer to a fraudulent account. These scam emails are often convincingly made to look as if they are coming from a known or trusted source.
Ransomware
The goal for scammers using a ransomware scheme is to have you click a link or open an attachment that contains malicious software—or malware—that will effectively lock down your computer and potentially your whole system or network. The scammers will then hold these for ransom, demanding payment for their return.
- An adaptation of ransomware is scammers using this tactic to gain access to personal images and files, looking for anything that may be embarrassing or socially detrimental should they be made public. The scammers will then hold this information for ransom, demanding payment and threatening to release the information should their demands not be met.
- It is not recommended by authorities to pay a ransom, as there is no guarantee that your computer or the sensitive information will be returned to you. Your best option is to contact authorities.
Prize scams
“You’ve won an all-expenses-paid vacation!” Sometimes, when things seem too good to be true, it’s because they are. These prize scams will often ask for you to send a fee in order to claim your prize, or seek to get personal information from you as part of the prize claim process. These emails can be made to look as if they are coming from reputable companies, so be wary.
Holiday scams to be on the lookout for
Charitable donation scams
Holiday season is a time of giving, and many charities ask for donations. Unfortunately, scammers are keen to capitalise on this, so be wary of scam emails impersonating reputable charities. Scammers will often use this tactic to have you make payments (“donations”) to a fraudulent account, or use malicious links or attachments to either download malware onto your computer or obtain your personal information.
Fake sales
The holidays are an expensive time and we are all happy to take advantage of sales from our favourite retailers. Scammers know this and are taking advantage. Posing as major retailers (often using their logo and branding), scammers will send out fake sales emails which contain malicious links that are designed to either install malware on your computer, or obtain your personal information.
- Instead of clicking on in-email links, head to the websites in a separate tab, manually typing in the web address, to check the validity of sales.
- Look for discrepancies in the branding, as well as incoherent language, misspellings and poor grammar.
- Did they use your name in the greeting? Most major retailers use programs that will include your name in the greeting to personalise their marketing; scammers won’t have access to this.
Fake delivery emails
As the holidays approach, many people are making more purchases online as they buy gifts for friends, family, and even themselves. A common holiday email scam is for scammers to pose as delivery companies and request payment for “additional fees” or claim they require information in order to complete the delivery. Either tactic will generally require you to click on a malicious link or call a number, which the scammer will use to obtain your information.
- Look for any discrepancies in the branding and language within the email.
- You can track your shipping from your original order confirmation email, or better yet, through your order history on the retailer’s website.
- Do not click on links or call the number within the email. Go to the delivery company’s website, and get their customer service number from there to be sure you are calling the correct number (and not a scammer).
Fake order receipts
With all the additional holiday shopping, it can be a challenge to keep track of all the purchases you make. Knowing this, scammers have concocted a scam wherein the victim is sent a fake order receipt with a link or phone number to call if you have questions or concerns. And of course you do, because you never made this purchase!
Whether you call or click the link, you will likely be asked to provide personal information as part of their “confirmation process” which they can then use to gain access to your banking, or commit identity theft. The link may also be used to download malware onto your computer.
- Keep track of all your purchases to help avoid confusion and make you less susceptible to this particular scam.
- Again, do not click any links within the email, or call the number provided—head to the retailer website to get their customer service contact information.
- Discrepancies in branding, impersonal message greetings, and language errors can all be signs of a scam email.
How to recognize fraudulent emails
Often, victims of scammers are intelligent, capable people—being scammed is not a reflection of the victim in any way. With advancing technology and access to personal information via social media and a quick Google search, scammers have many resources at their disposal to make their scams very believable. Knowing what to look out for can help protect you from a scam.
- We suggest getting into the habit of hovering over the name of the email sender to reveal the email address the email is being sent from. For example, a scammer can easily change the name of the sender to the name of a major retailer, but when you hover over the name, it can reveal the email address to be anonymoushacker1234@gmail.com.
- Generic greetings can also be an indication of a scam. Oftentimes, when you shop with a major retailer, or sign up for a newsletter (or giveaway), that company’s emailing system will be programmed to use your name, so a generic greeting is a good indicator this is an email you didn’t consent to receive.
- Incoherent content as well as poor grammar and spelling are often signs of a scam, so be on the lookout for these signs.
- Urgent or threatening language is often the sign of a scam. Even something as simple as “act within the next hour or this deal will be gone” is a red flag.
- If it seems too good to be true, it likely is. Be wary of emails announcing you as a winner of a grand prize.
- Requests for personal information are a big red flag and emails containing these requests should set alarm bells off for you.
- Incorrect or inconsistent branding. Scammers are getting pretty good at imitating big brands, but these inconsistencies can be a good indication of a scam email. Think colours that are off, pictures that don’t make sense, or a logo that looks slightly off.
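The sender check from the first tip above can be automated for a mailbox export. The following is an added example, not part of the original article: it compares the display name in a From header with the address behind it. The brand list, the `.example` domains and the function names are assumptions made for illustration.

```python
import re
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed allow-list: brand name -> domains that brand really sends from.
KNOWN_BRANDS = {
    "example retailer": {"retailer.example"},
    "example bank": {"bank.example"},
}

def domain_of(address):
    """Return the lowercased domain part of an email address ('' if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header, brands=KNOWN_BRANDS):
    """Return a list of warnings for one From header value."""
    raw_name, address = parseaddr(from_header)
    if not address:
        return ["unparseable From header"]
    # Display names may be RFC 2047 encoded (=?UTF-8?Q?...?=); decode first.
    name = str(make_header(decode_header(raw_name))).strip()
    sender_domain = domain_of(address)
    warnings = []
    # Case 1: the name claims a known brand but the address is elsewhere.
    for brand, allowed in brands.items():
        if brand in name.lower() and not domain_matches(sender_domain, allowed):
            warnings.append(f"name claims '{brand}' but address is at {sender_domain}")
    # Case 2: the name itself looks like an address from a different domain.
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", name):
        if domain_of(shown) != sender_domain:
            warnings.append(f"name shows {shown} but real address is {address}")
    return warnings

# Constructed sample headers (the second address is the article's own example).
SAMPLES = [
    "Example Retailer <deals@mail.retailer.example>",
    "Example Retailer <anonymoushacker1234@gmail.com>",
    '"service@bank.example" <billing@payments-update.example>',
    "=?UTF-8?Q?Example_Bank?= <alerts@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no mismatch found")
```

An empty result only means the name and the address agree; a lookalike domain still needs a careful read.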
Protecting yourself from scammers
Beyond being aware of what to look for to identify a fraudulent email, there are things you can do to protect yourself:
- Having a strong password is a big part of cyber security, particularly for your email account as it can be used to access many of your other accounts online by using the “forgot your password” feature on websites. We previously wrote about email password safety, so take a read and follow the steps to secure your email account.
- Multi-factor authentication is a great tool for increasing your cyber security. Oftentimes people will skip over multi-factor authentication as they find the added step to be inconvenient, but that’s a small price to pay for added security against fraud and scam attempts.
- Never click on links or open attachments from unfamiliar senders. Always check to ensure that the sender name and email address match before clicking links or opening attachments as well.
- Install protection software and keep it, and your computer, up to date.
- Scammers often play off human psychology—our innate trust and the effect of urgency for instance. Knowing this helps you level the playing field by thinking critically and refusing to be rushed.
- Consider not storing your credit card with online retailers—the fewer places this information is kept, the better.
- Never give out personal information.
- If an email contains contact information (say about a delivery for a package or a receipt of purchase), go to the company’s website by entering their web address in a new browser tab and get the contact information there instead of clicking links or calling numbers contained within the email.
What to do if you fall for a scam
Unfortunately, thousands of people are scammed every year, across all demographics. If you fall victim to a scammer, don’t be hard on yourself; it’s not a reflection on you or your intelligence. It’s natural to feel angry and even ashamed, but it’s not your fault—these scammers are professional criminals, after all.
If you are scammed, here are the steps you should take:
- Change your passwords on all your accounts.
- Enable multi-factor authentication on all accounts, but especially on your email account(s) and on your accounts with financial institutions and companies that have your credit card information.
- Call your financial institution to inform them of the scam and inquire about how they can assist you.
- Consider deleting any inactive accounts.
- Check your device for viruses or malware using trusted protection software.
- Report the incident to the Canadian Anti-Fraud Centre, or by phone at 1-888-495-8501 (you can also report to your local police).
- Consider reporting to the Better Business Bureau, which has an active scam tracking and alert system.
Additional resources
- The Better Business Bureau offers news, tracking and alerts about scams. They also provide risk reports with stats and information you can use to better protect yourself from scammers.
- Our article on Password Security is a great resource to help you keep your email accounts safer.
- Email scams aren’t the only threat; check out our article on how you can prevent credit card fraud.
- Curious what security industry experts are saying? Check out our article where we interviewed two experts about cyber security for seniors.