Say you open your inbox and see an urgent email from a sender you think you know — maybe it's a favorite online store, your bank, your internet service provider or a government agency. Your first instinct might be to open the email right away. However, that can be a risky impulse: That seemingly helpful message might be fake.
Email scams involve messages disguised to look like they come from trusted sources, and they're becoming more sophisticated. These messages are sent from fake email addresses that look nearly identical to the real ones; they say just enough to raise your concern and entice you to respond.
A popular term for these email scams is phishing, which sounds exactly like what these cybercriminals do: fish for targets who will take the fake email bait and share private information.
Phishing is one of several types of fraud that often target older people, but anyone can fall prey. There's no need to feel embarrassed if it happens to you, but you can fight back by learning some of the warning signs and understanding what to do if you think you've been scammed.
How Email Scams Work
An email scammer typically uses a technique called spoofing to trick targets. That's when a person uses a phony email address that looks very similar to the real one you have in your contacts. In fact, the fake email may contain just one letter, number or symbol that's different from the email address of the person you trust. However, neither the sender's address nor the message within the email are the real deal. The message often includes a request for you to respond by clicking on a link.
What Scammers Are After
The problem is that — you guessed it — the link in the email contains a phony internet address leading you to a spoofed website. This fake site can then instruct you to provide sensitive information, like your password and account numbers, that you think is giving you access to a legitimate site. But, as the FBI warns, it's all a ploy for someone to steal your information. Then the scammer can use that info for themselves, often to access your financial accounts or open a new one by stealing your identity. In some cases, clicking on a link will install malicious software on your computer.
Warning Signs of Email Scams
According to the Federal Trade Commission, certain types of email messages should at least raise suspicion that the sender might be on a phishing expedition. For example, the email might say:
There's been some unusual activity or log-in attempts in one of your accounts.
There's a problem with your payment information.
You need to confirm or update some information in your personal profile.
You should click on a link to pay a bill, register for a government refund or retrieve a prize or store coupon.
Phishing scams may also encourage you to take urgent action based on the contents of the email.
How To Avoid Phishing
The FTC notes there are steps you can take to avoid email scams and make it more difficult for cybercriminals to pull off a theft.
If you receive a suspicious email that seems to be from an organization where you have an account, don't click on any link or attachment inside the email. To find out if the message is legitimate, call the official phone number or visit the official website separately.
Use multifactor authentication for accounts that are linked to your banking, credit card or other financial information. You can set up a log-in process that requires extra security credentials — like a numerical passcode, the answer to a question or a scan of your fingerprint or face — to get in. That way, even if a scammer manages to get your username and password, there's another layer of protection.
What To Do if You've Been Scammed
The FTC allows you to report a scam or identity theft and find out how to recover from any damages it causes. Both sites will ask you some questions about what happened and walk you through what you need to do.
Stay aware of red flags indicating a possible phishing scam. Knowing what to do if you come up against a scam — and how to react if you get snagged by one — gives you your best chance to protect your identity and your money.