4 Email Phishing Scams to Avoid

4 Email Phishing Scams to Avoid

Before you go wading into all your unread emails from over the holidays, it’s a good idea to brush up on phishing email scams, which can lead to financial loss, compromised accounts, identity theft, ransomware infection and insecure data.

Before you go wading into all your unread emails from over the holidays, it’s a good idea to brush up on phishing email scams, which can lead to financial loss, compromised accounts, identity theft, ransomware infection and insecure data. Phishing has been around a long time, but as technology and cybersecurity evolve, so do scammers and their phishing techniques. Here are four types of phishing emails to be wary of and tips to avoid being a victim of phishing.

Deceptive Phishing: Deceptive phishing is the most common type of phishing scam, in which scammers carefully impersonate or “spoof” a real company’s correspondence and attempt to steal users’ personal information or login credentials. These emails frequently use urgent-sounding language to startle users into following through on their directive, often related to resolving a “problem” with an account. Deceptive phishing emails not only spoof legitimate companies to target users, they often direct the victim to resolve the imaginary account issue by clicking through and logging into a matching spoofed website, allowing the phisher to collect their personal information and account login information. Deceptive phishing attacks can imitate companies such as PayPal, internet service providers, banks or credit card companies.

Cloud Storage Phishing: Scammers are now basing many attacks off of Cloud storage services such as Dropbox or Google Drive. This kind of phishing scam usually involves a realistic-looking spoofed email claiming to come from a Cloud storage service and requesting the user to click through to secure an account or download and view a shared document. When the user clicks through, they’re directed to a spoofed login page that harvests the user’s account credentials for the phisher.

IRS Phishing: A more recent type of phishing attack is IRS-related phishing, in which criminals disguise a phishing email to employees in human resources or payroll departments so that it appears to come from a company executive. Phishers do this to request information such as employees’ W-2 data or even social security numbers from companies. These phishing scams are particularly dangerous because the Form W-2 contains an employee’s name, address, Social Security number, income and withholdings, all of which compromises personal identity and data security and can be used to file fraudulent tax returns or even be sold on the Dark Net.

Spear Phishing: Spear phishing is a more personalized type of email scam, in which fraudsters may gather information on a victim over time via social media like LinkedIn, through data breaches or simply by gathering intel via some kind of hack. They then use this information to lend credibility to their phishing email for a specific target. Spear phishing attacks are called such because instead of casting a wider, indiscriminate net, they specifically target high-value victims—even top executives. In “whaling” attacks, the goal is to target executives to steal their login credentials, after which a scammer can conduct CEO fraud by impersonating the victim and abusing their credentials to authorize fraudulent wire transfers.

How to Avoid Being Phished

  • Examine emails closely for inaccuracies or inconsistencies in greetings, headers, signatures or email addresses. If things seem off, it’s a good sign to not trust the sender.
  • Don’t give out personal, company or financial information via email and don’t respond to email solicitations for this information or follow links in these emails.
  • Pay attention to the URL of a website—malicious or phishing websites may replicate a legitimate site well but their URL may use a variation in spelling or a different website domain.
  • Don’t open or download email attachments from senders you don’t recognize—again, check the sender’s email address to verify that the spelling and domain are consistent with who they say they are. Because of the possibility of real but hacked email accounts, you should never download suspicious-looking email attachments from people you DO know.
  • Use two-factor verification on accounts where possible.
  • Install and maintain antivirus software, firewalls and email spam filters to reduce the likelihood of phishing attacks coming through.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Nearly Half of Companies Exclude Cybersecurity Teams When Developing, Onboarding and Implementing AI Solutions

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3