Did you know that phishing attacks account for more than 20% of all data breaches? Banks and other organizations are constantly warning the public about cybercrime. Yet, most consumers have a hard time telling the difference between a legitimate email and a fraudulent one.
Cybercrime is becoming more and more sophisticated. Gone are the days when hackers sent poorly written emails, asking the recipient to click on strange links. Today, they use cloned websites, remote access Trojans, web shells, and other advanced tools to steal consumer data and take control over your devices.
You may be thinking that hackers only target big companies, celebrities, and wealthy individuals. Nothing could be further from the truth. In 2020, nearly one-third of all data breaches involved small businesses, according to Verizon. The same source reports that 58% of victims had their personal data compromised.
The unprecedented increase in remote work is fueling this phenomenon. Organizations worldwide were caught off-guard by the recent events. As a result, many of them experienced malicious attacks, from phishing and account takeover to ransomware.
As a consumer or small business owner, it’s your responsibility to spot and protect yourself from cybercrime. To stay safe, watch out for these sneaky email scams in 2021.
1. Beware of Vaccine Scams
Covid-19 vaccine scams are taking the world by storm. Thousands of people received fraudulent emails asking them to pay for jabs or even manufacture and store the vaccines themselves.
Most emails that fall into this category involve some sort of phishing scam. Consumers are often asked to pay for priority access to vaccination campaigns, schedule appointments through event platforms, or purchase a virus test before getting the actual vaccine. Fraudsters may also offer to ship the vaccine by mail.
These scams are not necessarily targeted at specific groups, such as seniors. Criminals typically send hundreds of messages to random people in the hope of one or two replies. They claim to represent trusted organizations, such as the Centers for Disease Control and Prevention (U.S.) or the NHS (UK).
Some emails are riddled with typos and awkward sentences, while others look legitimate at first glance. Generally, they require your credit card details, banking password, PIN, or copies of personal documents. You may also be asked to click on links to fake waiting lists or product pages.
Google claimed to have blocked 240 million vaccine-related spam messages per day in 2020. Microsoft reports that about 60,000 of all phishing emails detected by its systems on a daily basis contain malicious links or attachments related to COVID-19.
What Can You Do About It?
The best way to protect yourself is to ignore text messages, emails, and ads from unofficial sources. The World Health Organization, the CDC, the FDA, and other public health sources will never sell the vaccine online or ship it by mail.
To stay safe, don’t open unexpected email attachments or click on suspicious links. The State of Michigan also advises consumers to beware of social media ads that claim to offer information on clinical trials, vaccines, or treatments. If you click these ads, fraudsters will store your data and use it to spam your email inbox.
If you receive an email or SMS purportedly coming from a trusted source, take an independent route to check the organization’s website.
For example, you can type CDC.gov into your browser to verify the legitimacy of the information received. Just make sure you don’t click on the links in the email body.
2. Don’t Fall for Online Job Scams
A staggering 225 million people worldwide lost their jobs in 2020 because of the novel coronavirus crisis. That’s four times more than the number of jobs lost in 2009, reports CTV News.
Even those who still have a job are struggling to pay their bills. About half of lower-income people have trouble paying their bills, while one-third find it difficult to keep up with rent and mortgage payments, according to the Pew Research Center.
Considering these aspects, it’s not surprising that more and more people are looking for side jobs. Unfortunately, most job boards are flooded with phony positions. Some require applicants to submit personal data, such as their bank account details and personal data, while others ask them to pay to get hired.
The problem is that scammers post fake job listings on the same platforms used by legitimate employers. Many of them also send scam emails advertising jobs that don’t exist. Their sole purpose is to steal your personal data or exploit your trust for financial gain.
How to Spot a Fake Job Offer
While it’s possible to receive a job offer by email, you’d still have to attend an interview or speak with a hiring manager before starting work. On top of that, a legitimate company will never ask you to pay for training or work equipment.
Watch out for these warning signs to protect yourself from scammers:
• Vague job requirements (e.g.: Must be at least 18 years old and have access to the Internet)
• Emails with spelling and grammatical errors
• No contact information
• Misspelled company names, such as Proctor and Gamble
• Unsolicited emails from so-called recruiters
• Messages sent from free email service providers, like Gmail
• Jobs that require an upfront payment, wire transfer, or training fee
• “Recruiters” who require applicants who apply for career advancement grants
• Emails containing fake URLs (e.g.: Apple.org instead of Apple.com)
• Companies that use instant messaging services to interview candidates
• Job offers that sound too good to be true
The Federal Trade Commission (FTC) recommends using trusted platforms, such as USA.gov and CareerOneStop, to find work. The organization also warns about the dangers of reshipping scams, virtual assistant job scams, and mystery shopper scams.
File a complaint with the FTC if you receive this kind of email or lose money because of it. Most importantly, research any potential employer before disclosing your personal information.
3. Watch Out for Utility Scams
A relatively new email scam requires consumers to pay their utility bills immediately. The message usually comes from utility companies located in a different city or state from where the consumer lives and may ask for his credit card number, social security number, or other personal details.
Legitimate utility companies may indeed send notification emails when you’re behind on your bills, but they’ll never make threats or ask for your personal data.
The emails sent by cybercriminals may contain malicious software or mock links to payment platforms. Fraudsters may also say you’ve overpaid and then ask for your bank account number to make a refund.
Utilities United, a British organization, warns that scammers might also email or call consumers and ask them to pay bogus fees on equipment and repairs. For example, you may receive an email saying that you must pay $1,500 to have the electric meter box replaced.
To stay safe, double-check the company’s email address and call the phone number listed on its official website.
Also, beware that legitimate utility companies will never ask or require a customer to send his financial information by email to avoid disconnection. If you receive this kind of email, report it to the FTC and don’t click on any links.
4. Protect Yourself from Sextortion Scams
Sextortion emails are among the top three most common internet scams, reports the Better Business Bureau. Cybercriminals use this fraudulent practice to blackmail consumers, threatening to reveal intimate images or videos of people performing sexual acts in private.
Most fraudsters ask their victims to pay in Bitcoin. Generally, they target those with compromised user passwords scraped from random websites.
The scammer may claim to have hacked into your computer and used your webcam to record your activity online. For example, he may threaten to reveal that you accessed adult websites—even if that’s not true.
One way to protect yourself is to disable or cover your webcam. However, scammers are unlikely to actually have any information on you. Most times, they send a cookie-cutter email to hundreds or thousands of random people at once.
For your peace of mind, copy and paste the email in Google or whatever search engine you use. Chances are, you’ll get hundreds of results displaying the same text or similar scams. Simply delete the email and move on.
Can You Spot a Scam?
From fake receipts and invoices to malicious embedded links, email scams can take many forms. For example, you may receive an email asking you to fill out a survey conducted by a national association. The moment you click on the link, hackers can steal your personal data or install malware on your device.
As a rule of thumb, check the sender’s email address before replying or clicking on links. Watch out for odd domain names, like “go0gle.fun” or “amazon.xyz.” Be wary of any company that uses generic subject lines, such as “RE: Your Account,” or requests irrelevant information.
To stay safe, change your passwords regularly and refrain from sharing them with others. Pay special attention to any emails coming from eBay, PayPal, and other popular services.
If, say, you’re asked to update your eBay account information, type the URL into your browser and access your account. Don’t click on links or attachments in the email unless you’re 100% sure it’s from eBay. Remember, a little caution can go a long way toward your safety.