Whether you are a working professional or a homemaker, can you imagine a day without emails? We can bet that a single day cannot pass without your phone beeping with a new email notification at least once. This is the power and reach of email, which has, unfortunately, made it the chosen medium for executing cybercrimes too. Here’s a list of the common email scams that one should be wary of.
The Widespread Use of Emails
Did you know that the number of emails sent each day is nearly 105 billion? Experts predict it to reach 246 billion before 2020. Furthermore, the number of email users worldwide shall rise to 2.9 billion by 2019.
At present, email is the most important application on the internet for communication and execution of transactions.
Although some prognosticators think that email shall soon be extinct, it is still the chosen mode of communication for most. It is an open and decentralized platform available for anybody and everybody to use. Therefore, in spite of newer solutions, email continues to be the most flexible and cost-effective solution for all purposes.
The Rise of Email Scams
It is the cost-effectiveness and ease of use of email that have spelled doom for its users in the form of email scams.
The email platform is being constantly and increasingly misused by cyber conmen to defraud and cheat users. Some common examples of email misuse include spam, phishing emails, distribution of child pornography, and hate emails, besides the propagation of viruses, worms, hoaxes, and Trojan horses.
Here are some common email scams that netizens are vulnerable to.
1. Phishing
Phishing is one of the most prevalent email scams at present. Did you know that 76% of businesses reported being a victim of phishing in the year 2017?
In such email scams, the victim receives an email that looks like it was sent by a trusted entity or organization. Fraudsters use this simple technique of social engineering to deceive the victims into clicking on a malicious link.
The link usually leads to a look-alike website that prompts them to provide their personal details. However, this is nothing but a trick for crooks to obtain their details so that they may later misuse them for stealing funds or identity theft. In some cases, clicking on the malicious link can also lead to the installation of malware on the victim’s phone or computer.
Phishing Attack Example
What Happened?
A massive phishing attack targeted 1 billion Gmail users in May 2017.
1. Cyber criminals delivered the worm to users’ mailboxes as an email from a reliable contact. It prompted users to open an attached Google Docs file.
2. On clicking, a look-alike Google security page opened up. Users were then deceived into giving permission to the fake application for managing their email account.
3. Worse still, the worm reproduced by sending itself to all of the victim’s contacts – Gmail and others.
Source: https://auth0.com/blog/all-you-need-to-know-about-the-google-docs-phishing-attack
The Potential: With control over the victim’s account, scammers could harvest their personal data for malicious objectives. They could even reset the passwords of platforms linked to the Gmail account and take over their online banking, Facebook, and online shopping accounts.
Response: Google claimed that none of their users’ data was misused. Furthermore, they disabled the malicious accounts and pushed updates to all users.
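The incident above relied on users granting a fake application permission to manage their mail. As an added example (not part of the original article or any vendor's tooling), here is a defender-side audit of third-party app grants that flags unvetted apps holding mail or contacts access or reusing a trusted product name. The grant records, client IDs, allow-list and name list are constructed assumptions; the two scope URLs are Gmail's full-access scope and the Google contacts scope.

```python
import unicodedata

# Scopes that let an app manage mail or read the address book.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}
# Assumption: the organisation keeps an allow-list of vetted client IDs.
APPROVED_CLIENT_IDS = {"1111-approved.apps.example"}
# Product names users already trust; an unvetted app reusing one is suspect.
TRUSTED_NAMES = {"google docs", "google drive", "gmail"}

# Constructed sample grants (hypothetical users, apps and client IDs).
SAMPLE_GRANTS = [
    {"user": "alice", "app_name": "Google  Docs",
     "client_id": "9999-unknown.apps.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob", "app_name": "Calendar Sync",
     "client_id": "1111-approved.apps.example",
     "scopes": ["https://mail.google.com/"]},
    {"user": "carol", "app_name": "Notes App",
     "client_id": "2222-unknown.apps.example",
     "scopes": ["openid", "email"]},
]

def normalise(name):
    """Fold case, Unicode compatibility forms and spacing before comparing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grant(grant):
    """Return the reasons a grant needs review (empty list if none)."""
    if grant["client_id"] in APPROVED_CLIENT_IDS:
        return []
    reasons = []
    risky = HIGH_RISK_SCOPES.intersection(grant["scopes"])
    if risky:
        reasons.append("unapproved app holds: " + ", ".join(sorted(risky)))
    if normalise(grant["app_name"]) in TRUSTED_NAMES:
        reasons.append("unapproved app reuses a trusted product name")
    return reasons

def audit(grants):
    """Map (user, client_id) to review reasons for every flagged grant."""
    found = ((g["user"], g["client_id"], review_grant(g)) for g in grants)
    return {(u, c): r for u, c, r in found if r}
```

Flagged grants are candidates for revocation and for a follow-up check of the affected user's sent mail.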
2. Advance Fee Fraud
Also known as the Nigerian scam, such email scams lure victims into making an advance payment in exchange for a favor. Usually, the email promises a large sum of money or other rewards such as jobs, scholarships, gifts, loans etc. in exchange for a processing fee.
Once the victim makes the payment, the fraudster leads him/her into a web of lies for extracting more money. In other cases, the perpetrator simply vanishes!
Nigerian Scam Example
What Happened?
Fake job offers purporting to be from reputed enterprises (Larsen & Toubro Ltd. in the example below) are on the rise.
1. The victim receives a fraudulent email purporting to be from a reputed MNC or organization.
2. The attached offer letter bears the logo of the organization and promises a hefty pay package and remuneration.
3. The victim is then asked to deposit a refundable security amount in the designated bank for attending the face-to-face interview.
Source: https://www.jagoinvestor.com/2013/10/beware-of-fake-emails-scams-asking-for-password-critical-information.html
The Potential: Hapless job seekers receiving such emails often fall prey to the scam and end up paying the deposit. It is only when their calls or emails are not answered that the realization of having been cheated dawns upon them.
Response: Almost all major MNCs and IT firms have issued a notice on their websites to warn job seekers of such frauds and dissuade them from making any advance payments for attending interviews.
3. Online Dating Scams
Although online dating and matrimonial platforms have offered much relief in the match-making scenario, they have brought unscrupulous outcomes too.
What Happens?
Fake calls from the customs department dupe victims in online matrimonial scams.
1. The fraudster befriends the victim on an online dating or matrimonial platform. Usually, he/she poses as a foreign national or NRI.
2. Eventually, he/she moves the conversation to emails or social media chats.
3. The fraudster takes no time in confessing his/her love for the victim and soon wins over the latter’s trust.
4. Using greed to dupe the victim, the fraudster sends him/her a list or photographs of expensive gifts that he/she has sent.
5. The gifts are usually high-end bags, clothing, perfume, make-up, or gadgets.
6. The victim then receives a call purportedly from the airport’s Customs Department. The fake customs official asks for a payment of customs duty for the clearance of the gifts at the airport. The amount demanded can range anywhere from a few thousand to several lakhs.
7. Once the victim pays the money, the “friend” vanishes.
Source: https://www.truthfinder.com/infomania/safety/nigerian-scammers
4. Lottery Scam
In this type of Nigerian Scam, the victim is lured into making an advance payment for claiming a lottery reward.
Lottery Scam Example
What Happened?
Many duped by a fraudulent lottery scheme under the names of legitimate Spanish lottery houses such as Loteria Primitiva and El Gordo.
1. The victim receives an unsolicited email notification about winning a reward in a lottery or sweepstake.
2. The winner is then prompted to contact a claim agent and make an advance payment. The common pretexts include insurance costs, courier charges, bank fees or government taxes.
3. Usually, the email presses the victim to ‘respond quickly’ to avoid missing out on the reward.
4. Most victims ended up making the payment only to realize the trap later.
Source: https://securelist.com/congratulations-youve-won-the-reality-behind-online-lotteries/36450
5. Charity Scams
Charity scams are one of the newest types of email scams doing the rounds of late. Scammers use fake charity names or impersonate genuine charities to exploit people’s compassion and generosity. The financial losses of victims in charity scams have increased steadily over the last couple of years. Such scams escalate during natural disasters or emergencies such as floods, earthquakes, cyclones, and wildfires.
What Happens?
1. Scammers send an email posing as a genuine charity seeking a donation. The donations range from relief for natural disasters to medical help.
2. Sometimes, they also attach photos of sick children who need medical attention.
3. Often they provide links that lead to a fraudulent look-alike website.
4. Scammers usually avoid electronic modes of payment and insist that victims make a cash payment.
5. The victim either does not get a receipt or receives one that does not have the charity’s details on it.
Source: https://securelist.com/the-japan-crisis-an-it-security-timeline/35965
Combating Email Scams with Texial
The Center for Cyber Security or Texial is a cyber and digital forensics research organization located in Bangalore and Chennai. With a state-of-the-art digital forensics lab and a team of the best-in-class experts, Texial strives to conduct cutting-edge forensics research. It seeks to assist law enforcement agencies and other organizations with the latest cyber defense mechanisms and also conducts regular seminars and awareness campaigns.