A guide for avoiding email scams

Every day, 156 million fake emails soliciting personal information land in inboxes around the world. They often look every bit as legitimate as regular emails. With so much fraud out there, what’s the best way to separate emails you need to read from the ones that could harm you?

If you or someone you know find yourselves subjected to ‘phishing’ emails asking for important data and login information, this guide can help you determine what’s legit and what’s not.

What is phishing?

Email scams that try to get information from you (rather than selling you things) are called “phishing scams.” These typically involve links to fraudulent websites that collect consumer emails, usernames, and passwords. That these links appear to be from legitimate sources is all part of the con.

What’s worse, these emails sometimes contain viruses that install themselves onto a computer browser or a hard drive. This code hides out in your device, quietly collecting and sending usage data over time and impacting your computer’s overall functionality.

How these email scams work

You can have the strongest firewalls and antivirus software, but as the saying goes, a chain is only as strong as its weakest link. And in the case of phishing scams, that weak link is usually a human being.

Phishing scammers rely on gaining the trust of their victims by using messages that appear to originate from a credible source.
Some of their tactics include:

• Spoofing official-looking email addresses or impersonating known trusted entities (banks, government agencies, etc.)
• Threatening penalties from a bank or government agency
• Exploiting sympathy by soliciting donations for a fake cause or charity
• Promoting sweepstakes or contest with little perceived risk (“I figured, it may be a hoax but what’s the harm in just submitting my email?”)

Typically, a phishing scammer will ask for personal or account details, or ask you to click on a link included in an email that might download malware into your system. Once these actions have been taken by the victim, the “hook” has been set and the real problems have begun.

How to spot a phishing scheme

It’s always worth paying attention to how and when you give away your data. Legitimate companies will never ask for your account number, username, or password over the phone or email. They do not need this information to provide customer or technical assistance.

Scammers, on the other hand, often use a trusted company’s logo or even their actual website address in their emails in order to make them appear trustworthy. These emails often contain an embedded link that claims it will direct you to your bank or another site.
A few tips on how to spot an email scam:

• The domain of the website isn’t the same as the one you usually see a company use.
• The email is generic, addressed to ‘Customer’ rather than using your name.
• You notice typos, misuse of grammar, or odd formatting. Legitimate communications go through several rounds of professional edits, reviews, and revisions to ensure their accuracy and readability before being sent out to customers.
• The email solicits financial or other personal information.

If you think the email might be safe but still have some doubts, visit that company’s website directly. You can also contact the business or bank to verify that the email is valid. Most companies will have an “abuse” or “security” link in the footer of their website.

Want to learn more?

Namecheap takes cybersecurity seriously. To learn more about how you can protect yourself against cybercrimes, check out our articles on ransomware, social engineering, malware, and how to deal with hacked accounts.

This article was updated on May 11, 2021 to reflect new content.