5 Common Emails Scams To Look Out For – With Examples

ramsac Email Marketing

Among the many ways that cybercriminals try to target people is via email scams. Having been around for a few decades now, it will be no surprise that email scams have become increasingly sophisticated. Nowadays, cybercriminals act quickly and create email scams that reflect current affairs, which recipients might be drawn to, such as those relating to coronavirus throughout 2020. Make sure you stay one step ahead of the game by understanding how email scams work, we have listed 5 example scams to help you recognise email scams.

How email scams work

Cybercriminals know how to tap into people’s fears and desires, which is why these types of emails always contain some kind of appealing messaging. Among other attractions, these could relate to obtaining information, great discounts, or other financial incentives.

Getting someone to open an email scam is just the first step, however. The next is to actually obtain personal information or unleash a virus. This can be done in various ways:

  • Via a link that, when clicked, downloads a malicious virus
  • A request for payment (financial information) for a bogus offer
  • A request for personal details to ‘verify your identity’

The trick behind how email scams work is that they tend to rely on the naivety of the reader. The cybercriminal who has sent the scam has done so in the hope that the recipient will provide information willingly, which will then be exploited. 

5 common email scams

Unfortunately, there seems to be almost endless types of email scams out there. From out-of-the-blue contact from an unknown email address, to those that look to be from an ordinary, reputable source. It’s never been more important to be on guard when it comes to email communication. Knowing how to spot phishing emails can be tricky, but to help, be aware of the following five common email scams.

1.      Financial incentives

To quickly attract attention, and increase the chances of an email being opened, cybercriminals will often use tricks to make a reader think they are due some money. This can be recognised straight away because the subject line will often mention a financial incentive. There are a range of these sorts of emails out there, including:

    • Lottery winnings
    • Tax rebates
    • Overpaid bills
    • Voucher winnings
    • Financial rewards from investments

If you receive an email that mentions any of these, and you’re not expecting it, it’s likely to be a malicious email that you should not trust.

2.      Imitation emails

Another common way of tapping into people’s vulnerability is to imitate a trusted source. Many cybercriminals are aware of the kinds of businesses and official bodies that are commonly used and trusted, and will impersonate such groups knowing that the recipient will either be curious, or worried about ignoring it. All the following have been known to be impersonated by cybercriminals:

    • HMRC
    • Apple
    • Amazon
    • HSBC
    • World Health Organization
    • UK Government

Emails that look to be sent from these kinds of sources tend to look very convincing, and many recipients are indeed tempted to believe their contents. It can be hard to tell if an email is genuine, but look for errors such as spelling mistakes and incorrect logos to help. Also be aware that it’s unlikely that such official sources would ask for personal information via an email in this way. If you have any doubt, get in touch by phone with the genuine company or official body for confirmation.

3.      Product advertisements

It’s also known that cybercriminals often try to tap into people’s desire for a discount. Another common email scam is one that offers a product or service, either at a fantastically low rate, or offers something that’s hard to get hold of.

Depending on the cybercriminal and their knowledge of your internet activity, such emails might advertise something you’re in the market for – such as a discounted car or insurance – or they could contain something illegal. There are many email scams out there claiming to offer illegal substances or services in a ‘discreet’ or ‘undetected’ way.

Any email that fits this description is likely to be from an unreliable source and should not be trusted.

4.      Unpaid bills

Tapping into a recipients’ fear, some cybercriminals adopt the guise of a utility provider chasing payment. In this case, the email is likely to be worded in a professional yet stern manner, causing the reader to feel gently threatened into making a payment. The email could be from any kind of provider, including:

    • Gas/electricity
    • Internet
    • Phone contract
    • Council tax
    • Loan finance company

Should you ever be on the receiving end of this kind of email, be sure to get in touch with your provider to clarify the situation, and report the email scam.

5.      Coronavirus email scams

Sadly, at the moment, coronavirus-related scams are being sent out all the time. Again, exploiting people’s fear, these kinds of email scams could mention all kinds of incentives to encourage a reader to click on an untrustworthy link. Look out for requests for personal information or bank details in relation to:

    • Raising money for coronavirus research
    • Obtaining information about cases in your area
    • Tax rebates to boost the economy
    • Coronavirus PPE or medication

COVID-19 scams don’t look to be abating any time soon, as the world remains so affected by this pandemic. Be aware of these, and question any emails you receive about coronavirus – no matter how official they look.

Email scams from your own email address

As well as understanding what kinds of email scams to look out for, another common question is ‘how can there be an email scam from my own email address?’ This kind of email scam is known as ‘spoofing’ and unfortunately, it’s fairly easy for a cybercriminal to do.

How does this kind of email scam work?

Some email providers enable a sender to change the ‘from’ field of an email to any email address they like, so a cybercriminal would only need to be aware that your email address exists to then use it. To find out if an email address exists, a cybercriminal simply needs to buy or obtain information that has been gained due to a data breach.

The reason why a cybercriminal would opt to send an email scam from your own email address is usually to frighten you. The email would likely warn you that your account has been hacked (which might not be the case), and will only be protected again after you pay a ransom.

Email scams are unfortunately an effective method for cybercriminals, because a significant number of recipients fall for their tricks. In addition to knowing what to look for in an email scam, it’s important for people to be educated on the importance of a human firewall – especially in a business setting. In order for systems and data to be properly protected, all those who have access should be trained in how to defend against cybercrime. Learn more about effective human firewalls, or get in touch to arrange cybersecurity training for more knowledge.

Ensure your IT is at its strongest

Take back control with ramsac’s free self-assessment tool that helps to strengthen your business’ IT systems.

Related Posts

  • Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK

    Data Protection and Innovation: The Role of the ICO Regulatory Sandbox in the UK


    In this blog, we'll explore the concept of the ICO Regulatory Sandbox and its objectives in the data protection landscape in the UK [...]

    Read article

  • Power BI Free vs Pro vs Premium: Which do you need?

    Power BI Free vs Pro vs Premium: Which do you need?


    Power BI offers exceptional data tools to users, but which license should you choose? Find out more in our blog.  [...]

    Read article

  • What is a break glass account?

    What is a break glass account?


    If you’re creating a business continuity plan, have you considered a break glass account? Learn what one is and how to create one here. [...]

    Read article

  • Cybersecurity vs cyber resilience – what is the difference?

    Cybersecurity vs cyber resilience – what is the difference?


    What’s the difference between cybersecurity and cyber resilience, and how can you implement them? We cover this and more. [...]

    Read article

  • Celebrating 20 Years of Cybersecurity Awareness Month

    Celebrating 20 Years of Cybersecurity Awareness Month


    October is Cybersecurity awareness month, follow us on LinkedIn or Twitter for daily tips on how you can protect your organisation against Cybercrime. [...]

    Read article

  • How much should businesses invest in cyber resilience? 

    How much should businesses invest in cyber resilience? 


    In this blog we explore how much organisations should invest in cyber resilience to protect against cybercrime [...]

    Read article