Scam emails have come a long way since the days of requests for money from far-flung lonely hearts, or investment opportunities from dubious overseas princes. These days, email scammers are cannier than ever at imitating legitimate brands to trick victims.
With 26 percent of US adults saying they are “almost constantly” online, according to Pew Research, this is now the most likely place for identity theft to occur. Often, ID fraud can begin with the wrong click on a scam email.
How can you best prep to avoid online scams? By studying the most recent ones, and learning just why they're so effective. Here's an overview of the latest email scams that just might fool even the most experienced web surfer, along with simple things you can do to avoid and report them.
What are the Most Common Types of Email Scam?
Email phishing scams usually follow a similar pattern – they imitate a known, trusted brand, and try to convince you that your account details or finances are at risk. The top email scams include:
- COVID-19 Payment Scam – the promise of a pandemic payment
- Amazon Cancellation Scams – a fake Amazon order and offer to cancel it
- Netflix Phishing Scam – an attempt to get your details
- PayPal Order Confirmation – works on the fear of missing an order
- FedEx Scam – is there a parcel waiting for you?
- Apple iTunes Scam – fake email orders
- Sextortion Scam – the threat of leaking private information
- Apple Account Recovery Scam – the danger of locking you out of your Apple account
- Bank of America Phishing – an authentic looking financial email
- Investment Scams – tempting offers to invest your money
- Facebook Activity Alerts – imitating genuine Facebook notifications
- Google and Gmail Alert Scams – attempts to get your login details
All of the above scams attempt to trick victims in a similar fashion. You're encouraged to click through a link, at which point, victims can inadvertently hand over sensitive data to scammers.
Fake COVID-19 Scams
Scammers are renowned opportunists, preying on fear and uncertainty. And unfortunately, 2020 has given them one big opportunity – COVID-19. You might think that a global pandemic would slow scammers down for a while, but it's actually quite the opposite. The FTC has reported seeing a rise in the number of fraudulent emails being sent to Americans purporting to be from government agencies.
Many of these are related to payments from a ‘Global Empowerment Fund', to help citizens with finances during the pandemic. All the email asks the recipient to do is reply with their bank details. It's easy to see why people could be tempted, but acting on this email is likely to cause a major financial loss.
This scam is nothing new – in fact, it's probably as old as email – but the pandemic has enabled scammers to give an old favorite a new lick of paint, which is likely to ensnare some unlucky victims.
Amazon Cancellation Scam
Amazon is the retail giant's retail giant, and most of us are used to seeing an Amazon invoice in our inboxes. As a result, it's a prime target for scammers hoping to convince their victims that they've bought or cancelled an order that never existed.
If you find an email claiming to be from Amazon, but citing an order you never placed, it's not from Amazon. You can copy-and-paste the email into a new email (or just forward it) addressed to email@example.com in order to alert the company.
If you have already clicked a link or logged into your Amazon account through a suspicious email, don't give up hope – there are simple steps you can take to remedy the damage. Amazon recommends changing your password immediately, then contacting your credit card company.
See Amazon's advice on taking action against scam Amazon emails
Netflix Phishing Scam
This phishing email directs you to the login(dot)netflix-activate(dot)com website, where it leads its hapless victim through a series of moderately convincing landing pages designed to look like the official Netflix site.
It then asks for personal information – including a user's address, phone number, date of birth, and payment information – before depositing users on a (fake) page claiming that their “account has been updated.” The site even has an HTTPS address, as security blog Malwarebytes explains, so a padlock in the address bar does not prove that a site is genuine.
And, since the email scam claims you might lose access to your account if you ignore the warning, the scam creates a ticking clock that encourages victims to give away their information.
Here's what the real Netflix website has to say about phishing emails:
“Never enter your login or financial details after following a link in an email or text message. If you're unsure if you're visiting our legitimate Netflix website, type www.netflix.com directly into your web browser.”
Like Amazon, Netflix wants targets of a phishing email scam to let them know by forwarding anything suspicious to Netflix's address (firstname.lastname@example.org) before deleting it.
PayPal Order Confirmation Scam
One of the best ways to reel in victims is through phishing – the security term for a scam that attempts to lure a user into freely providing their login information. And there's no motivator like money, and the worry of losing it. This explains why the online payment service PayPal is a common front for a phishing attempt. It's also worth noting that this type of scam can also happen via text message, with fake PayPal text message alerts attempting to trick victims.
The latest big wave began in December 2017, featuring email headlines claiming that PayPal “couldn’t verify your recent transactions”, or that “Your payments processed cannot completed.” Click through, Malwarebytes reported at the time, and you'd find a fake PayPal landing page. It emulated the look-and-feel of PayPal's site, then asked unwitting victims to supply their home address and credit card information – all under the guise of resolving a made-up payment.
If you come across one of these emails, forward it to “email@example.com,” keeping the email headline the same. And if you're in doubt, don't click the email: Log into your PayPal account through a secure link to check for any changes in your account balance. You can also contact PayPal directly at 1-888-221-1161 in order to report a phishing attempt.
FedEx Email Scam
This email purporting to be from FedEx is such a classic scam that it should be instantly recognizable as such, yet it still carries a whiff of plausibility which could easily trip you up. A somewhat innocent looking email, it suggests that there is a message waiting for you from FedEx, and encourages you to click on a link to read it.
The cunning aspect of this email is that it insinuates that there could be a package or some mail waiting for you, and who doesn't like receiving a parcel in the post? This particular email purports to be linked to REI Co-op, an outdoors equipment retailer, presumably in the hope of tricking people into clicking the link in the belief they've missed the delivery of a free tent or a sturdy pair of walking boots.
Like the Chipotle advert, this is nothing more than a textbook data harvesting scam. Clicking to ‘read' the message will take you to a form to enter personal details, including your email address and password (which far too many people re-use on multiple sites). So don't click the message – delete it.
As ever, if you receive an email claiming to have information about a product you haven't ordered, delete it – or better still, report the spam to your email provider.
Apple iTunes Fake Purchase Scam
Apple scam emails are so old that Indiana Jones should be clutching them while running away from a giant boulder. However, that's not to say that they're going away, or that people have stopped falling for them. The Apple iTunes email scam is fairly similar to the PayPal scam above, and relies on instilling panic in its victim about the loss of money.
Victims receive an email purporting to be from Apple iTunes (it's not actually from iTunes or any real Apple account), claiming that they have just made a purchase on the Apple Store. In our case, it was a $50 payment for a game.
The email then provides a link to a page to cancel the payment. Sound familiar? Follow that link, and yep, you guessed it – you'll be asked to fill in lots of juicy personal details.
The fact that this scam keeps showing up implies that a lot of people must be falling for it. Staying vigilant is relatively easy to do, and if you receive an email like this and don't recognize the purchase, check your purchases under your Apple account directly, rather than following the link.
Sextortion Scam
With this scam, victims receive an email from the scammer stating that they have been recorded watching pornographic material online. The scammer claims to have footage of what the victim was watching, as well as footage that catches the victim in the ‘act', caught on their webcam.
The twist here is that the emails open with the victim's own password as the subject header, making them extra convincing and creating immediate panic. The victim is asked to pay a bribe in Bitcoin in exchange for silence.
It's believed that the scammers are getting the email addresses and passwords from a list of previously leaked addresses. The UK government group Action Fraud has run the affected email addresses through the Have I Been Pwned site (a useful free tool to check if your data has been compromised). Most of those affected were indeed in the database.
If you receive this email, don't despair. Firstly, rest assured that nobody has any compromised footage of you. Secondly, check the Have I Been Pwned database and change your password details for your affected email address if you're still using the same one on any other websites.
Remember, you should never re-use the same password on multiple sites. Instead, we recommend using a Password Manager to create and autofill secure passwords for you.
Apple Account Recovery Scam
This classic scam sends you an urgent email with an admittedly confusing subject line. They insist that your Apple ID has been locked because of an “unusual sign-in attempt.”
To reset your account, you'll just need to confirm your Apple ID with a bunch of personal information you wouldn't want in the hands of an online scammer. Unfortunately, that's definitely who it's going to.
Fortunately, there are a few easy ways to spot a fake request like this one. For one, that poorly constructed subject line is a dead giveaway. Apple is a lot of things, but prone to spelling errors in important company emails like this one they are not. Also, most tech services like Apple rarely ask you to input your personal information in such a haphazard way, so make sure the request is legitimate.
Always verify that an email address, a hyperlink, or anything else you click on the internet is genuine before entering any personal information.
Bank of America Phishing Email
Many of us rely on our online bank accounts on a daily basis. As such, the thought of being locked out is an unnerving prospect. The people behind this next scam are well aware of this, and use it to their advantage, threatening to cut off access to Bank of America customers if they don't respond in time.
It starts with a fairly convincing email that claims to come from Bank of America. Those who don't hold accounts with the bank are likely to spot something is off straight away, but it's easy to see how customers could be sucked in.
The email states that the bank requires some updated account information, and that if this isn't provided within two days, the account will be frozen.
It's highly unusual for any bank to threaten to take away its service in this way. Follow the link, and you'll land on an almost convincing Bank of America page.
Visually, it looks like the real deal, but the garbled URL is a giveaway. It's always worth checking the web address of any sites that you're not sure about – in this case, it's a random assortment of letters that doesn't exactly scream ‘genuine'.
While the front page mimics Bank of America's own, you'll find that none of the links go anywhere. Try and log into the site, however, and the scammers will have your vital username and password for your Bank of America account.
As far as scams go, this is a classic case of phishing, where victims are fooled into entering their personal data on what they believe to be a genuine site.
This scam email purports to be from Bank of America, but scammers will imitate all sorts of popular banks when sending out phishing emails en masse. The safest practice is to never, ever click on an email claiming to be from your bank. Instead, always open a new browser tab and navigate to the official bank webpage manually, then log in securely. That way, you can be sure you've not inadvertently followed a fraudulent link.
Investment Scams
While cryptocurrency's potential to change the world is compelling, it's also becoming the buzzword for anyone trying to make a quick buck. With something as volatile as a digital currency still finding its footing, there are plenty of online scams out there trying to take advantage. And this one really went for it.
This likely online scam from Kalibrate gives victims the chance to get in on the ground floor of an innovative new home blood test, promising to generate “$5 billion in revenue upon launch” and boasting upside potential “in the thousands of per cent.” Along with that, you can participate in their Initial Coin Offering (ICO), which is somehow related to the new device. All you need to do is make a $10,000 investment while giving your personal information. Sounds too good to be true, right? Well, it obviously is.
When it comes to your online security, a good rule to follow is never invest $10,000 in anything because of a marketing email. Any time large sums of money are concerned, do your research and make sure you aren't throwing your money away. Additionally, if you've got a product that's going to generate $5 billion upon launch, you probably aren't spending your resources on investment requests that are typically headed for spam folders. Steer clear!
Facebook Activity Scam
Everyone and their grandmother is on Facebook, and sadly, grandmothers might be particularly vulnerable to this scam email. The email copies the same formatting and colors that we've all learned to associate with Facebook, spurring users to click through. Once they do, they may be met with a shady website attempting to sell them items – and likely download a little malware on the side.
The domain of the site can be a simple giveaway. Hover your cursor over the links in the email for a preview of the real destination – anything that's not the official Facebook.com is a scam, every time.
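The hover check above, and the lookalike Netflix host described earlier, can be automated for a saved HTML message. This is an added example, not code from the article: the `OFFICIAL` table, the function names and the `.example` hosts in the constructed sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the official domain for each brand, as named in the article.
OFFICIAL = {"facebook": "facebook.com", "netflix": "netflix.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify(href, brand):
    """Return (host, verdict) for one link in an email claiming to be from brand."""
    official = OFFICIAL[brand]
    try:
        parts = urlsplit(href)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return "", "suspicious: unparseable link"
    if parts.scheme not in ("http", "https") or not host:
        return host, "suspicious: not a web link"
    # Exact match or true subdomain only; the brand name appearing somewhere is not enough.
    if host == official or host.endswith("." + official):
        return host, "ok"
    if brand in host:
        return host, "suspicious: brand name in an unofficial host"
    return host, "suspicious: unofficial host"

def audit_links(html, brand):
    """List (visible text, real host, verdict) for every link in the email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, *classify(href, brand)) for text, href in collector.links]

# Constructed sample body, not a real message; the .example hosts are placeholders.
SAMPLE = """<p>You have 3 new notifications.</p>
<a href="https://facebook-notifications.example/view">facebook.com/notifications</a>
<a href="https://www.facebook.com@alerts-review.example/login">View messages</a>
<a href="https://facebook.com.login.example/">Log in</a>
<a href="https://www.facebook.com/">Facebook</a>"""
```

Calling `audit_links(SAMPLE, "facebook")` marks only the last link as ok; the other three show the brand in the visible text or URL while the real host belongs to someone else.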
If you get these emails, don't click on any links. It's safer to simply delete the emails. Log into your Facebook account manually at Facebook.com in order to check for any real notifications. If you've already clicked the link, run a virus scan.
If you're worried your Facebook account has been compromised, visit Facebook's help service.
Google Messages Scam
This Google scam email sums up the typical approach. Massive corporation with widespread adoption? Check. An authoritative claim that users “must” read their “Support Service” messages? Check. There's even a link that users can click if they feel they've received the message in error, which is itself a scam link.
While Google has been tightening security on its third-party applications in an attempt to address its phishing problem, as the example above shows, it hasn't stopped them all.
You can report any Google-impersonating phishing attempts at Google's scam information page.
How Anti-Virus Software Can Protect You from Scams
While there are thousands of scams currently being perpetrated, and new ones cropping up every day, they all have the same goal – to steal your data. This could be personal data, financial data, or even continued access to your device. Anti-virus software works tirelessly in the background to protect you from such scams, and is constantly being updated to ensure that it can capture the latest viruses and remove them – usually without you having to do anything.
Email scams are a good example of this. Still extremely popular, these can mimic genuine emails, even purporting to be from friends or colleagues with an air of authenticity. Software such as Norton's Anti-Virus package actively scans all incoming email and removes any viruses, alerting you to their presence. These can be deleted automatically, or manually, once you've had a chance to take a look at the threat.
Anti-virus software can also identify potential scams that stem from other sources, such as web browsing. It's common for packages to offer a browser plug-in (like Bitdefender's Traffic Light) that can spot phishing and malware attempts, alerting you instantly and saving you from becoming the next victim.
How to Report Scam Site Links
You can be a good online citizen by reporting any scam links you come across. Here's a quick list of the major websites that will allow you to report scammers or spammers who are using their link shorteners. By getting the scammer's original link blacklisted by a popular link shortener, you'll help prevent others from getting scammed.
- Report scam Google shortlinks at goo.gl
- Report sketchy Bit.ly shortcuts at bit.ly
- Report GoDaddy scam links at x.co
- Report is.gd scam links at is.gd
- Report Tiny scam links at tiny.cc
If you come across any suspicious emails that you'd like to confirm as a scam before you report, you can right-click a link in order to copy the hyperlink. You can then paste that link into this AI-powered online link checker, or this online database of blacklisted links. Whatever the result, remember to stay alert and think before you click.
For extra peace of mind when online, anti-virus software can ensure that any potential scams that might expose your computer to viruses are caught before they have a chance to inflict any harm. Not only is your device safe, but your personal details are, too. With an awareness of what the latest scams are, matched with a decent anti-virus package, you can ensure that your online experience is a safe and stress-free one.
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.