How to identify potential email scam attacks
How the older generation can improve awareness of phishing scams
Cybercrime continues to be an ongoing threat in 2019. Emails are still the most common way for cyber criminals to complete spear-phishing attacks. Unfortunately, many of the baby boomer generation are becoming victims of such email scams, with the frequency of attacks likely to increase due to its success rate. The success of these attacks have spiked, as phishing emails become more convincing and difficult to spot, and many online users have little awareness on what factors to look out for in order to detect fake emails.
Reports from 2017 suggested that 91% of attacks by sophisticated cybercriminals start through spear phishing emails. Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing.
Spear phishing emails and messages are highly targeted, so it’s worth the cybercriminal’s time to ensure their fake emails look like the real deal. As such, these emails are common and effective, with the Australian Cyber Security Centre (ACSC) warning that such methods are becoming “more convincing and difficult to spot”.
Phishing scams are a constant threat – using various social engineering ploys, cyber criminals will attempt to trick you into divulging personal information such as your login ID and password, banking or credit card information.
So not only is it important to know how to protect yourself from being hacked, but it’s important to understand how cyber-attacks occur. In simple terms, most attacks are an attempt to change a computer user’s behaviour through some shady computer tactics.
Two key aspects to be aware of regarding email phishing scams:
- Phishing scams can be carried out by phone, text, or through social networking sites – but most commonly by email. (Read our blog on an example of a phone scam)
- Be suspicious of any official-looking email message or phone call that asks for personal or financial information.
So, what does a cyber-attack generally look like?
It could be a message that appears to come from your bank or credit card company. It seems urgent and includes a link to click or document attachment. However, if you look closely at the email, you can find clues that it might not be real.
Examples of phishing emails
Look out for fake emails
There is a long list of items to check, in order to detect possible email scams – so we’ve narrowed down the most common ways below:
- Don’t trust display names as these can be anything a scammer wants them to be
- Check for fake email domains; they’ll often be slightly different versions of the real thing
- Look at the logo and other images; low resolution images can be a giveaway
- Review links carefully by hovering over the link text (without clicking). A link that is different from the one in the link text is a sign of a malicious link
- Look out for bad spelling and grammar, as this can be a tell-tale sign that it’s not a legitimate message
Always look at the web address before clicking on the link
Hover your pointer over the link (but don’t click it), then look at the web address that shows up either above the link or in the bottom left corner of your screen. Does that link look real, or does it contain gibberish, or names that aren’t associated with your bank? The email may also have typos or seem like it’s written by someone who speaks English as a second language.
For example, if you receive an email from JB Hi-Fi with a sale and discount code in the email contents, however, when hovering your mouse over the link, the URL displays http://e.gamesgalore0z.com, you can be certain this is scam.
Never open an attachment from an unknown sender
Another way that cyber-attacks occur is when you download a file that contains a malicious piece of code, usually a worm or a Trojan horse. This can happen by downloading email files, apps, videos, and music files online. As soon as you open the file after downloading, your computer will be infected with thousands of infected files.
Below is an example of a phishing email that includes a word document attachment. The attachment looks somewhat legitimate, however the rest of the email is fraught with dodgy giveaways that reveal it’s fake. Such as:
- First ask yourself, have you purchased anything recently from the sender, or do you have any affiliation or account with the sender?
- Typo in the Sender Name
- Very long email address which has no correlation to ‘Apple’
- Dodgy domain sender (i.e. @sroenabpa.com) which again has no affiliation
- Dodgy subject line with strange use of symbols
- Body copy in the email itself does not read well and includes strange wildcards and symbols
Be careful what you click
Avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically, and often silently, compromise your computer. If attachments or links in email are unexpected or suspicious for any reason (as above example), don’t click on it – and delete it immediately.
Example: If you receive an email from a bank or credit card company that makes you wonder, close the email and type the bank or credit card company’s address directly into your web browser. Better yet, call the company and ask them about the message. Banks will never ask for your details via email, nor will most reputable companies that are asking for personal details or credit card information.
– Telstra, Cyber security. Read more
– What you need to know about Australia’s three most common cyber threats. Dominic Powell, 13 October 2016. Read more
– Berkeley Information Security and Policy. Top 10 Secure Computing Tips. Read more
– Lifewire. Could a Cyber Attack Knock Out Your Computer? Jerri Ledford, 10 February 2019. Read more
– McAfee, Economic Impact of Cybercrime No Slowing Down. February 2018. Read more
– Cybint News. 13 Alarming Cyber Security Facts and Stats. 3 December 2018. Read more
– Symantec, Internet Security Threat Report, volume 23. Read more
– Cybersecurity Ventures, Cybercrime Damages $6 Trillion By 2021. Steve Morgan, 16 October 2017. Read more
Subscribe to our newsletter