December 12th 2024.
In today's digital age, staying vigilant is crucial. Email scams have become a common nuisance, and let's face it, they're already bad enough. Have you ever received a message with 72 exclamation marks? Or wondered if it's safe to ignore an email for two months? These are just some of the things that we constantly have to deal with in our inboxes.
Unfortunately, scammers are now adding to this headache by clogging up our inboxes with their fraudulent emails. At first glance, these emails may seem like any other message in your inbox. However, they often come with a hidden agenda – to trick people into giving away their personal information such as passwords or credit card numbers. This tactic is known as 'phishing'.
In 2025, a cybersecurity firm found that phishing attacks are not going away anytime soon. They have identified the most widespread email threats that we should watch out for. One of these scams is known as 'file-sharing phishing'. It may sound complicated, but it's actually quite simple. Scammers pose as file-hosting or e-signature services, such as Dropbox or Docusign, and try to trick people into giving away their private details.
In one example, a scammer sent an email to faculty members at a high school, sharing a document on Google Docs. The document was titled 'staff and payroll update', making it hard for teachers to resist clicking on it. However, the link in the document led to a spoof website where the user was asked to log in with their Microsoft 365 account. This login screen was hosted on scripts.google.com, which is a legitimate domain for Google Apps Script. This may seem like a harmless request, but any information entered on this page would be stolen by the scammer.
Another tactic used by scammers is AI-generated emails. With the advancement of technology, scammers are now using AI to make their emails more convincing. By analyzing data from social media and past interactions, they can generate personalized messages that mimic the writing style of the impersonated individual. This makes it harder for traditional security measures to detect and deceive unsuspecting recipients.
There are two forms of AI-generated emails – business email compromise and vendor email compromise attacks. In the first type, scammers use AI to pose as someone's boss or colleague, using a spoof or look-alike email domain to make it seem more legitimate. In the second type, they pretend to be suppliers. However, scammers have also started hijacking people's actual emails. By gaining access to someone's inbox, they can exploit email threads and trick people into giving away their personal information.
Cryptocurrency fraud is also on the rise. Cryptocurrencies are meant to be a secure and untraceable form of money, which is why scammers love them. One common tactic is for scammers to send an email pretending to be from a company that offers crypto hardware storage solutions. They claim that there is maintenance going on with the crypto network and to restore access, the recipient needs to click on a link and update their details. The link leads to a fake page where the user is asked to input their recovery phrase. This is a dangerous tactic as the recovery phrase is a less common authentication method, making it easier for the scammer to steal it.
So, how can we protect ourselves from these scams? The first step is to be cautious. If you receive an email that doesn't feel right, don't hesitate to report it. You can contact the organization directly using the contact details on their official website. Do not use the number or web address provided in the message as it could be fake. Remember, your bank or any official source will never ask for sensitive information through email.
If you're unsure about an email, you can report it to the Suspicious Email Reporting Service at
[email protected]. They will check it and let you know if it's a scam. It's better to be safe than sorry. You can also report suspicious text messages or scam call numbers to 7726. Your provider can find out where the text came from and block the sender. If you've lost money or provided financial information due to a phishing scam, notify your bank immediately and report it to Action Fraud at actionfraud.police.uk or by calling 0300 123 2040. In Scotland, you can call Police Scotland on 101. Let's all stay vigilant and protect ourselves from these scams.
[This article has been trending online recently and has been generated with AI. Your feed is customized.]
[Generative AI is experimental.]
