5 Common Emails Scams To Look Out For – With Examples

ramsac Email Marketing

Among the many ways that cybercriminals try to target people is via email scams. Having been around for a few decades now, it will be no surprise that email scams have become increasingly sophisticated. Nowadays, cybercriminals act quickly and create email scams that reflect current affairs, which recipients might be drawn to, such as those relating to coronavirus throughout 2020. Make sure you stay one step ahead of the game by understanding how email scams work, we have listed 5 example scams to help you recognise email scams.

How email scams work

Cybercriminals know how to tap into people’s fears and desires, which is why these types of emails always contain some kind of appealing messaging. Among other attractions, these could relate to obtaining information, great discounts, or other financial incentives.

Getting someone to open an email scam is just the first step, however. The next is to actually obtain personal information or unleash a virus. This can be done in various ways:

  • Via a link that, when clicked, downloads a malicious virus
  • A request for payment (financial information) for a bogus offer
  • A request for personal details to ‘verify your identity’

The trick behind how email scams work is that they tend to rely on the naivety of the reader. The cybercriminal who has sent the scam has done so in the hope that the recipient will provide information willingly, which will then be exploited. 

5 common email scams

Unfortunately, there seems to be almost endless types of email scams out there. From out-of-the-blue contact from an unknown email address, to those that look to be from an ordinary, reputable source. It’s never been more important to be on guard when it comes to email communication. Knowing how to spot phishing emails can be tricky, but to help, be aware of the following five common email scams.

1.      Financial incentives

To quickly attract attention, and increase the chances of an email being opened, cybercriminals will often use tricks to make a reader think they are due some money. This can be recognised straight away because the subject line will often mention a financial incentive. There are a range of these sorts of emails out there, including:

    • Lottery winnings
    • Tax rebates
    • Overpaid bills
    • Voucher winnings
    • Financial rewards from investments

If you receive an email that mentions any of these, and you’re not expecting it, it’s likely to be a malicious email that you should not trust.

2.      Imitation emails

Another common way of tapping into people’s vulnerability is to imitate a trusted source. Many cybercriminals are aware of the kinds of businesses and official bodies that are commonly used and trusted, and will impersonate such groups knowing that the recipient will either be curious, or worried about ignoring it. All the following have been known to be impersonated by cybercriminals:

    • HMRC
    • Apple
    • Amazon
    • HSBC
    • World Health Organization
    • UK Government

Emails that look to be sent from these kinds of sources tend to look very convincing, and many recipients are indeed tempted to believe their contents. It can be hard to tell if an email is genuine, but look for errors such as spelling mistakes and incorrect logos to help. Also be aware that it’s unlikely that such official sources would ask for personal information via an email in this way. If you have any doubt, get in touch by phone with the genuine company or official body for confirmation.

3.      Product advertisements

It’s also known that cybercriminals often try to tap into people’s desire for a discount. Another common email scam is one that offers a product or service, either at a fantastically low rate, or offers something that’s hard to get hold of.

Depending on the cybercriminal and their knowledge of your internet activity, such emails might advertise something you’re in the market for – such as a discounted car or insurance – or they could contain something illegal. There are many email scams out there claiming to offer illegal substances or services in a ‘discreet’ or ‘undetected’ way.

Any email that fits this description is likely to be from an unreliable source and should not be trusted.

4.      Unpaid bills

Tapping into a recipients’ fear, some cybercriminals adopt the guise of a utility provider chasing payment. In this case, the email is likely to be worded in a professional yet stern manner, causing the reader to feel gently threatened into making a payment. The email could be from any kind of provider, including:

    • Gas/electricity
    • Internet
    • Phone contract
    • Council tax
    • Loan finance company

Should you ever be on the receiving end of this kind of email, be sure to get in touch with your provider to clarify the situation, and report the email scam.

5.      Coronavirus email scams

Sadly, at the moment, coronavirus-related scams are being sent out all the time. Again, exploiting people’s fear, these kinds of email scams could mention all kinds of incentives to encourage a reader to click on an untrustworthy link. Look out for requests for personal information or bank details in relation to:

    • Raising money for coronavirus research
    • Obtaining information about cases in your area
    • Tax rebates to boost the economy
    • Coronavirus PPE or medication

COVID-19 scams don’t look to be abating any time soon, as the world remains so affected by this pandemic. Be aware of these, and question any emails you receive about coronavirus – no matter how official they look.

Email scams from your own email address

As well as understanding what kinds of email scams to look out for, another common question is ‘how can there be an email scam from my own email address?’ This kind of email scam is known as ‘spoofing’ and unfortunately, it’s fairly easy for a cybercriminal to do.

How does this kind of email scam work?

Some email providers enable a sender to change the ‘from’ field of an email to any email address they like, so a cybercriminal would only need to be aware that your email address exists to then use it. To find out if an email address exists, a cybercriminal simply needs to buy or obtain information that has been gained due to a data breach.

The reason why a cybercriminal would opt to send an email scam from your own email address is usually to frighten you. The email would likely warn you that your account has been hacked (which might not be the case), and will only be protected again after you pay a ransom.

Email scams are unfortunately an effective method for cybercriminals, because a significant number of recipients fall for their tricks. In addition to knowing what to look for in an email scam, it’s important for people to be educated on the importance of a human firewall – especially in a business setting. In order for systems and data to be properly protected, all those who have access should be trained in how to defend against cybercrime. Learn more about effective human firewalls, or get in touch to arrange cybersecurity training for more knowledge.

Ensure your IT is at its strongest

Take back control with ramsac’s free self-assessment tool that helps to strengthen your business’ IT systems.

Related Posts

  • Inherent risk vs residual risk: What’s the difference?

    Inherent risk vs residual risk: What’s the difference?


    Inherent risk and residual risk are key elements of any effective risk management process designed to strengthen cybersecurity defences and protect your company’s data. Read on. [...]

    Read article

  • What is cybersecurity monitoring? How important is it in 2024?

    What is cybersecurity monitoring? How important is it in 2024?


    Cybersecurity monitoring is the continuous surveillance of digital systems to detect and respond to security threats and data breaches in real-time. Discover how cybersecurity monitoring software can protect your [...]

    Read article

  • Examples of sensitive data in your organisation

    Examples of sensitive data in your organisation


    Any confidential information that’s stored, processed, or managed by an organisation or individual is classified as sensitive data. Read our sensitive data examples today. [...]

    Read article

  • Understanding the PSTN switch-off: what it means for you

    Understanding the PSTN switch-off: what it means for you


    The old Public Switched Telephone Network (PSTN) is shutting down at the end of this year, we explain the impact this could have on organisations. [...]

    Read article

  • How to set up a secure password policy in Microsoft 365

    How to set up a secure password policy in Microsoft 365


    Discover the essentials of a robust password policy for cybersecurity in Microsoft 365. Learn what to include and what to avoid. Read the blog today. [...]

    Read article

  • A guide to sensitivity labels and how to apply them

    A guide to sensitivity labels and how to apply them


    Sensitivity labels allow you to manage, organise, and protect sensitive emails, files, and documents as part of the Microsoft 365 suite. Read on. [...]

    Read article