Scam emails have come a long way from requests for money from far-flung lonely hearts, or investment opportunities from dubious overseas princes. These days, email scammers are cannier than ever at imitating legitimate brands to trick victims.
With 26 percent of U.S. adults saying they are “almost constantly” online, according to Pew Research, this is now the most likely place for identity theft to occur. Often, ID fraud can begin with the wrong click on a scam email.
How can you best prep to avoid online scams? By studying the most recent ones, and learning just why they're so effective. Here's an overview of the latest email scams that just might fool even the most experienced web surfer, along with simple things you can do to avoid and report them.
What are the Most Common Types of Email Scam?
Email phishing scams usually follow a similar pattern – they imitate a known, trusted brand, and try to convince you that your account details or finances are at risk. The top email scams include:
- Amazon Cancellation Scams – a fake Amazon order and offer to cancel it
- Fake PayPal Scam Emails – a phoney PayPal transaction to alarm you
- Facebook Activity Alerts – imitating genuine Facebook notifications
- Disputed Payment Emails – a false claim that a transaction is due
- Google and Gmail Alert Scams – attempts to get your login details
All of the above scams attempt to trick victims in a similar fashion. You're encouraged to click through on a link, at which point, victims can inadvertently hand over sensitive data to scammers.
Amazon Cancellation Scam
Amazon is the retail giant's retail giant, and most of us are used to seeing an Amazon invoice in our inboxes. As a result, it's a prime target for scammers hoping to convince their victims that they've bought or cancelled an order that never existed.
If you find an email claiming to be from Amazon, but citing an order you never placed, it's not from Amazon. You can copy-and-paste the email into a new email (or just forward it) addressed to email@example.com in order to alert the company.
If you have already clicked a link or logged into your Amazon account through a suspicious email, don't give up hope. There are simple steps you can take to remedy the damage. Amazon recommends changing your password immediately, then contacting your credit card company.
See Amazon's advice on taking action on scam Amazon emails
PayPal Order Confirmation Scam
One of the best ways to reel in victims is through phishing — the security term for a scam that attempts to lure a user into freely providing their login information. And there's no motivator like money, and the worry of losing it. So, the online payment service PayPal is a common front for a phishing attempt.
This type of scam can also happen via text message, with fake PayPal text message alerts attempting to trick victims in 2018.
The latest big wave began in December 2017, featuring email headlines claiming that PayPal “couldn’t verify your recent transactions” or that “Your payments processed cannot completed.” Click through, Malwarebytes reported at the time, and you'll find a fake PayPal landing page. It emulated the look-and-feel of PayPal's site, then asked unwitting victims to supply their home address and credit card information — all under the guise of resolving a made-up payment.
If you come across one of these emails, forward it to “firstname.lastname@example.org,” keeping the email headline the same. And if you're in doubt, don't click the email: log into your PayPal account through a secure link to check for any changes in your account balance. You can also contact PayPal directly at 1-888-221-1161 in order to report a phishing attempt.
Facebook Activity Scam
Everyone and their grandmother is on Facebook. Sadly, grandmothers might be particularly vulnerable to this scam email. The email copies the same formatting and colors that we've all learned to associate with Facebook, spurring users to click through. Once they do, they may be met with a shady website attempting to sell them items — and likely download a little malware on the side.
The domain of the site can be a simple giveaway. Hover your cursor over the links in the email for a preview of the real destination. Anything that's not the official Facebook.com is a scam, every time.
If you get these emails, don't click on any links. It's safer to simply delete the emails. Log into your Facebook account manually at Facebook.com in order to check for any real notifications. If you've already clicked the link, run a virus scan.
If you're worried your Facebook account has been compromised, visit Facebook's help service.
Stripe Payment Dispute Scam
This is a particularly nasty scam, because it masquerades as a disputed payment. An email claiming to be a dispute might make the small business owner frantically type in their login details — allowing the scammer to scoop up their details.
The scam exploits a victim's fear over what will happen if they don't enter their information. The example here, from comics publisher C. Spike Trotman, uses a linked .jpg instead of actual text and a button. This directs you to a non-Stripe site asking for your information.
If you hover over a link you can read the destination URL itself. Check it for misspellings, and don't trust anything that's not the Stripe.com domain. The service also recommends you enable two-step verification to keep your account more secure.
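The hover check described above, automated over an HTML email body (an added example, not code from Stripe or from this article). The sample email and its hosts are constructed, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a phishing-style HTML body; the lookalike hosts are made up.
SAMPLE_EMAIL = """<p>Your payment is disputed.</p>
<a href="https://dashboard.stripe.com/disputes">View in dashboard</a>
<a href="http://stripe.com.billing-review.example/login"><img src="notice.jpg"></a>
<a href="https://str1pe.example/verify">https://stripe.com/verify</a>"""

class LinkCollector(HTMLParser):
    """Collect href, visible text and an image flag for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data.strip()
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def host_is_official(host, official):
    """True only for the official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def audit_links(html, official):
    """Return one finding per link: its real host and the reasons it is suspect."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for link in parser.links:
        host = urlsplit(link["href"]).hostname or ""
        reasons = []
        if not host_is_official(host, official):
            reasons.append("destination is not " + official)
        if link["image"] and not link["text"]:
            reasons.append("image used as the link, no text")
        shown = urlsplit(link["text"]).hostname if "://" in link["text"] else None
        if shown and shown != host:
            reasons.append("visible URL differs from destination")
        findings.append({"host": host, "reasons": reasons})
    return findings
```

Matching on the end of the hostname is what catches `stripe.com.billing-review.example`, which contains the brand name but belongs to a different domain.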
If you have a suspicious email, forward it to the Stripe team at the Stripe contact page.
Google Messages Scam
This Google scam email sums up the typical approach. Massive corporation with widespread adoption? Check. An authoritative claim that users “must” read their “Support Service” messages? Check. There's even a link that users can click if they feel they've received the message in error — which is itself a scam link.
Over the past few months — following a big Google Docs phishing attack in May 2017 — Google has been tightening security on its third-party applications in an attempt to address its phishing problem. But, as the example above shows, it hasn't stopped them all.
You can report the Google-impersonating phishing attempts at Google's scam information page.
How to report scam site links
You can be a good online citizen by reporting scam links you come across. Here's a quick list of the major websites that will allow you to report scammers or spammers who are using their link shorteners. By getting the scammer's original link blacklisted by a popular link shortener, you'll help prevent others from getting scammed.
- Report scam Google shortlinks at goo.gl
- Report sketchy Bit.ly shortcuts at bit.ly
- Report GoDaddy scam links at x.co
- Report is.gd scam links at is.gd
- Report Tiny scam links at tiny.cc
If you come across any suspicious emails that you'd like to confirm as a scam before you report, you can right-click a link in order to copy the hyperlink. You can then paste that link into this AI-powered online link checker or this online database of blacklisted links. Whatever the result, remember to stay alert and think before you click.