Knowing that an email is a phishing attempt doesn’t make it safe for you to play along. Discover the dangers of engaging scammers online.
Most of us find phishing emails in our inbox each month. Some of them are so outrageous that they make us laugh out loud.
How many times have you read emails from scammers trying to entice you to hand over cash and personal information? Some use stories about foreign princes who’ve chosen you to help them move millions of dollars offshore. Others say that you’ve won a lottery that you never entered. There are many different scams out there. The only thing they have in common is a preposterous back story, and poor English that’s riddled with spelling and grammar mistakes.
These phishing emails are so outrageous that people typically recognize them. But cybercriminals are getting smart, and their scams are becoming more difficult to identify. However, there are always clues if you look hard enough. You can stay safe if you follow some basic rules:
- Don’t download attachments you aren’t expecting.
- Call a company or individual who requests information so you can verify the email came from them and not a criminal.
Policies and Training
Make sure your company has procedures and professional security training in place to help your staff recognize and properly handle potential phishing scams. Bring in an IT security professional to:
- Train new employees on email security policies as soon as they come on board.
- Conduct refresher training for current employees each year.
- Give phishing tests to see how your team scores.
Fighting Back Against Scammers
Some people want to fight back against the scammers. There’s even a name for this online vigilantism: “scambaiting.” Websites like Vice run humorous articles about tricking scammers, and scambaiting videos are very popular on YouTube.
Entire websites such as 419Eater and Mac’s Bait Store are dedicated to providing tips on how to scambait successfully. Most of these stories portray scambaiting as a fun and exciting intellectual challenge.
Is Scambaiting Worth It?
Honestly, I realize how the idea of spamming a scammer can seem like a mildly amusing diversion. Yet, if any of my clients asked me if it’s worth engaging with a scammer, I would tell them, “No.”
There’s never a reason to respond to someone that you believe may be trying to take advantage of you. While it’s amusing to read the stories about how others have retaliated, and what they did to turn the tables on scammers, it doesn’t mean that you, or anyone in your company, should try to do the same. After all, these scammers are criminals, and nothing good can come from communicating with people who make a living by conning people.
Don’t Respond to a Scammer’s Email. Here’s What Can Happen If You Do.
Although you have little to gain from responding to someone who sends you a phishing email (except a fleeting feeling of moral justice), there is a lot you can lose. When you respond to a phishing email, you’re telling the scammer a lot more about yourself than you can imagine.
First, when you respond to an email, you acknowledge that the email address is still in use. It can prompt the scammer to place your email on a list of active addresses that can trigger more email scams. This is just the beginning of the information you’re unintentionally providing to the scammer.
As you probably already know, every email has a header. It’s easy to see some of the information that’s included in the header, like the time the message was sent, the email address of the person who sent it, and the recipient’s email. But what you may not know is that there’s a lot more hidden information in the header. One of the most valuable pieces of hidden information that scammers can use against you is the pathway to your inbox. When a scammer knows the name of your server, he can easily find out the general area from where you’re connecting to the Internet.
Once a scammer finds out your general location, it’s simple for him to look up the kind of information you really don’t want a criminal to know, like your social media accounts, your phone number, and even your home address.
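To see what the header discussion above means in practice, the following added example (not part of the original article) reads the headers of a reply and lists what they disclose to the recipient. The message, hostnames, addresses and the `disclosed_by_reply` helper are all constructed for illustration; real mail providers vary in how much of this they include.

```python
import email
import re
from email import policy

# Constructed sample: a reply as it would arrive in the scammer's mailbox.
# Hostnames and IPs are made up (.example names, RFC 5737 documentation ranges).
SAMPLE_REPLY = """\
Received: from mail.smallbiz.example (mail.smallbiz.example [203.0.113.25])
\tby mx.recipient.example with ESMTPS id def456;
\tTue, 02 Jan 2024 10:15:01 +0000
Received: from [192.0.2.44] (office-pc.smallbiz.example [192.0.2.44])
\tby mail.smallbiz.example with ESMTPSA id ghi789;
\tTue, 02 Jan 2024 05:15:00 -0500
From: Pat Example <pat@smallbiz.example>
To: prince@recipient.example
Subject: Re: Urgent business proposal
Date: Tue, 02 Jan 2024 05:15:00 -0500
User-Agent: ExampleMail 1.0
Message-ID: <1234@office-pc.smallbiz.example>

Nice try.
"""

# "from <helo> (<reverse-dns> [<ip>])" as most mail servers write it
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[]*)\s*\[([0-9a-fA-F.:]+)\]\)")


def disclosed_by_reply(raw):
    """Return the details a reply's headers hand to whoever receives it."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.search(str(value))
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    hops.reverse()  # each server prepends its header, so the last one is the first hop
    return {
        "confirmed_address": msg["From"].addresses[0].addr_spec,
        "hops": hops,
        "first_hop": hops[0] if hops else None,  # the sender's own machine or server
        "client": str(msg.get("User-Agent") or msg.get("X-Mailer") or ""),
        "utc_offset": msg["Date"].datetime.strftime("%z"),  # hints at time zone
        "message_id_host": str(msg["Message-ID"]).strip("<>").split("@")[-1],
    }


if __name__ == "__main__":
    for field, value in disclosed_by_reply(SAMPLE_REPLY).items():
        print(f"{field}: {value}")
```

In this sample, a two-word reply confirms the address is live and exposes the sending machine's name and IP, the mail server, the mail client and the local time zone.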
So, What Should You Do?
My best advice to avoid becoming the victim of an email scam is to delete any suspicious emails from unknown persons without opening them. If you ever receive an email from a legitimate contact asking for personal information, don’t reply. Instead, call the person directly on the telephone and confirm that he’s the person who emailed you. If possible, provide the required information over the phone.
Three of the Most Advanced Phishing Scams to Avoid
Unfortunately, not every phishing attempt is so blatantly obvious. There are a few email scams out there that can fool even the most attentive person. Learn more about these three advanced phishing scams and ways to avoid them:
Remember that you can report phishing and other email scams by forwarding suspicious email messages with their complete header to: spam@UCE.gov