It happens to the best of us. You get an email that looks like it's from a friend, family member, or even your bank. It's not until you click a link they've provided that you realize … something's not right.
Spam, malware, phishing, ransomware — it's the stuff of savvy cybercriminals out to steal your identity, money, and hold your high-tech life hostage. Hopefully, you have a tough email spam filter and updated security software, but every once in a while a fake slips through. Here's how to recognize, and stear clear of, the most common scams landing in inboxes today.
Phishing scams are all about fraudsters trying to dupe you into giving up private account information or passwords. The way it works is you get an email that looks like it's from your bank or other trusted company, such as eBay, PayPal, Amazon, Sony, or Apple. Criminals want you to follow a link or even call a phone number listed in the email.
Here are two emails that I received recently. Can you spot the fake?
Spoiler Alert: They are both fake — and there are a lot of little clues if you look closely enough. For instance, in the subject line of the "Apple" email, it says "Informations" rather than "Information." These kinds of nefarious emails are often loaded with little errors, vague or generic language, and the sender's email is often similar to a company's official email address, but not exactly the same.
The criminal's goal is to get you to click a link, then supply them with your username or password so that they can gain access to an online account. Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.
A legitimate business email should never ask for private information such as an account number, card PIN, Social Security or Tax ID number in an email messages. If you think an email is suspicious, don't click on any links. Contact that business from its website or better yet, call them via a customer service number they provide on their official website..
THAT'S NO PRINCE
The Nigerian scheme (also dubbed "419" for the Nigerian Criminal Code that outlaws fraud) is a long-running tradition in the world of scam emails. The scammer usually claims to be a Prince who is reaching out to you personally after the death of a loved one. I've had several of these land in my inbox lately also claiming to be from a member of the U.S. Military. He seeks to relocate a large fortune out of the country and into your bank account. The story often goes something like this: "You're the beneficiary of a ton of cash, but we just need you to give us your bank info and for you to submit small payments for fees in order for you to get your cut."
Spoiler alert: There is no Prince. You never get your cut. These scams rake in around $13 billion a year. Hit Delete. Send to Spam. Keep dreaming — that's free.
THE SOB STORY
I just opened an email from someone named "Julie" inquiring about my room for rent. Here's the content of the email, cut and pasted with no changes in spelling or grammar:
Hi I'm very interested in you're room for rent craigslist ad and wondering if you would except a couple we have been living in a hotel due to my mother's death and it's just way to expensive going to be living in our car soon if we don't find something please get back to me thank you so much
Spoiler alert: Sorry, "Julie," I don't have a room for rent. Also, there's an excess of grammatical mistakes and no punctuation in that email, which makes me question whether you're actual human or some sinister spambot. Fake!
This was an easy scam to spot since I'm not renting out a room in my house, but "Julie's" tale of woe is a familiar red flag. These crooks try to tug on your heart strings and take advantage of your generous nature. These kinds of scams often pretend to be from a friend or family member who needs help paying medical bills, bail to get out of jail, or money to buy a plane ticket back to America after being robbed overseas.
Whatever you do, don't click any links, call strange phone numbers provided in emails, or pay a stranger who's reaching out to you in an e-mail. If something smells phishy, it very likely is.
YOU'VE WON BIG
This is my favorite. These are the emails telling you that you've the lottery, some huge contest you've never even entered, or inherited a bajillion dollars from an eighth cousin ten times removed:
I have gone through your file and my extensive investigation confirmed that you are the original beneficiary shortlisted to receive this fund but only the total sum of Seven Million United States Dollars ($7,000,000.00 USD) was approved for payment.
Spoiler alert: You didn't win anything. Evil, I know.
When you win a real lottery, you contact the appropriate retailer, not the other way around. You also know it's fake when someone asks you to pay to redeem your cash prize or your diamond ring. No one should have to pay for prizes. That includes fees! You shouldn't have to pay any shipping or processing fees of any kind. These are just the scammers' way to get your bank info.
Another "prize" to be won is a bulk of money that you'll receive as a check. When you get the check, the scammers will ask you to wire some of the money back, but the check will be fake so you never had the money to begin with.
BE YOUR OWN BEST SPAM FILTER
It's great to know how to catch spam, but you can do a couple things to spare your sanity and eliminate spam altogether.
Code your email address. If you're sending your email address to anyone in a public, online forum — Twitter, Craigslist, Facebook — always type it out like this: janedoe (at) gmail (dot) com. When it's typed like that, robots crawling for unsuspecting addresses won't pick it up.
Report phishy emails. Hopefully, most spam is going straight to your spam email box, never to see the light of day. If some does sneak through, make sure to mark "Report Spam." Your email provider will move it to your spam folder and learn to block any future messages like it.
Document it. If you want to take an extra step for the greater good, you can report these spammers by forwarding their messages to the Federal Trade Commission at firstname.lastname@example.org. This is the agency responsible for making cases against spammers and holding them accountable.
Spam can get to the best of us, but you can't be too careful when it comes to protecting your personal information so take precaution by looking for these tell tale signs of Internet hoaxes. Be sure to let us know about recent spam message you've received in the comments section below. And remember, seniors are often a huge target, so make sure to fill them in too.
Jennifer Jolly is an Emmy Award-winning consumer tech contributor and host of USA TODAY's digital video show TECH NOW. E-mail her at email@example.com. Follow her on Twitter @JenniferJolly.