Over the last twelve months, we have encountered any number of new email scams. Cybercriminals have become bolder, trying out new methods in an attempt to trick us into revealing our sensitive information.
Unfortunately, despite an increasing awareness of these email scams, they are not stopping.
We’ve compiled a helpful list of the top scams cybercriminals are trying out and what you need to watch out for in 2023:
1. The friend in need
This is a classic. An email appears in your inbox from someone you know, telling you they need help. The cybercriminal could be posing as your mother, your friend at work or someone you play football with at the weekend – ultimately their goal is the same. They say they’re in a sticky situation and need some help paying their bills, or need to borrow some money for a one-off car payment (but don’t worry, they’ll pay you back by the end of the month!). Don’t fall for it! This is a common tactic that cybercriminals use to try to get you to transfer money or disclose your bank details – if anyone ever asks you for money online, say no until you can verify the claim in person.
2. The government scams
This email scam is much more formal and will impersonate a gov.uk address, claiming to have details of a tax update, or that there have been changes in your area in line with new laws. The detail will be minimal, and you will be directed to click on a link to see updates.
3. The contest winner
Who doesn’t love winning things? Especially if it’s free. That’s why when an email lands in your inbox telling you that you’ve won a contest or a prize like a free holiday, restaurant vouchers or tickets to an event, you’re going to want to click and redeem your prize… which is exactly what cybercriminals are counting on. These emails work by offering you something too good to refuse, prompting you to click a link and enter your details to win. If you do this, however, you are only providing the cybercriminal with information and risking your device being infected.
4. The problem with your account
These emails will impersonate a trusted brand that you have an account with, like Microsoft or Google. They will inform you that your password is expiring, or your billing information needs validating/updating, otherwise you might risk losing access. The aim of this is to get you to enter your private information, therefore giving the cybercriminal the information they need to go back later and infiltrate your private accounts.
5. The scare tactic
These emails aim to get you to act impulsively and without thinking. They will often include phrases like ‘virus detected on your account’ or ‘your account has been compromised’ with the aim of getting you to either click on a link and download a virus scanner (which will actually be a virus) or input your username and password.
6. The lost package
This type of email scam has become increasingly popular alongside the increased demand for online shopping. The cybercriminal takes a chance on the fact that you have a package out for delivery and sends an email impersonating a brand like DPD or DHL, either containing a tracking link or asking you to confirm your delivery address. In both cases, these links will be loaded with malware ready to infect your device.
7. The work email
This scam tends to impersonate a brand like Dropbox or Google Drive, usually providing you with a link to some files that have been shared with you. The files will have a generic name like ‘September Results’ or ‘team meeting follow up’, prompting you to click to see what has been shared with you.
8. The boss
Impersonating your boss via email is also known as CEO fraud. Cybercriminals will often target someone working in finance with these emails, choosing a time when the CEO is known to be on holiday or out of office – they will request information or a money transfer and say that the request is urgent and needs to be sent immediately. This is designed to instil panic in the recipient and get them to act without following proper protocol.
9. The unusual activity
This scam is similar to ‘a problem has been detected on your account’; however, it differs by introducing a third party, suggesting that unusual activity has already been detected (i.e., someone is trying to hack into your account) and prompting you to quickly update your password to further protect it. By updating your password, you are handing your password to the cybercriminal, so think twice before you do this – if you’re unsure what to do, navigate to the account independently to see if your password truly has been compromised.
10. The “omg is this you, what were you thinking?!”
This is a great one: it works by immediately scaring the recipient into imagining the worst thing possible. The email will contain a link, supposedly to a picture of you doing something embarrassing or incriminating. Don’t click on it! This malicious link will be used to install malware on your device. Think rationally about where the email has come from and what it could contain, and once you’re over the initial stab of fear, you’ll realise that it’s nothing more than a nasty trick.
How Boxphish can help
For more information on how you can protect yourself from email scams, check out our cyber security training. We also offer phishing simulations, designed to make you familiar with the tactics cybercriminals use and what to watch out for. Find out more on our website or book a demo to speak to one of our team.