Don’t Get Caught Falling for These Sneaky Spam Tricks

I’m talking about when the heir to the Nigerian throne would reach out to your Hotmail account to help him secure his inheritance, or when an attractive woman or man you’ve never met before would email you out of the blue asking if you were single; spam has always been annoying, but back then, it was clearly just junk that could be ignored.

Today, it’s not so simple.

Here’s the thing though; those common email scams we look back on and laugh about today were common for a reason—they worked sometimes. Folks fell for them. Gullible widows wired cash overseas in the hopes that the Prince of Nigeria would share some of his vast fortunes with them, and life-sentence bachelors fell for the steamy romance that started with a canned email.

Modern spammers are driven by success. Their goal isn’t just to flood your inbox with junk mail; they treat it as a numbers game. A certain percentage of users fall for any given spam campaign, and over the years scammers have learned which tactics have a better conversion rate. With these tactics, they know that if they send out x-number of emails, a certain percentage of people will fall for the trap.

To protect yourself from dangerous spam scams today, you need to be aware of these tactics.

Email Spoofing

You wouldn’t expect an email from Amazon, PayPal, your bank, Microsoft, or Google to be dangerous, right? What about an email from your family or friends, your boss, or your partner?

Spammers can easily mimic email addresses that look legitimate in order to give you a sense of trust. Traditional email phishing attacks have been doing this for a long time, where the scammers pose as legitimate companies like Google, Amazon, or your bank. These types of attacks are easy to just blanket out to a million inboxes, because there’s a pretty good chance most recipients will have an Amazon account, or a Google account, or a Microsoft account, etc.

They can also be targeted toward specific contacts who definitely do business with an entity. If your bank suffers a data breach in which the list of its users’ email addresses is leaked, spammers can easily target all of them with personalized scams.

Thanks to social media, it’s also pretty easy to determine who a person interacts with in their daily life. You could easily look up a friend or colleague and usually figure out their family members, and with a little digging, figure out what their email addresses are. It only takes a little technical knowhow to spoof those email addresses and run highly personalized spam campaigns.

Homograph and Punycode Attacks

These tactics are a little harder to wrap your head around if you aren’t technical, but essentially this is one method scammers can use to make an email seem more legitimate. A homograph, in the English language, is where two words look the same and are spelled the same, but have different meanings. For example, the word bow (like a bow made of ribbon on a gift) and the word bow (like to take a bow after a performance), or the word tear (like what comes out of your eyes when you cry) and tear (the act of ripping something).

When it comes to online scams, homograph attacks are used to trick a recipient into trusting an email or website. It’s a little complicated to explain, but essentially characters that aren’t on a traditional keyboard get rendered so that they look like traditional letters. This means someone can easily spoof, say, PayPal.com, without actually owning or controlling the domain for PayPal.com.

Homograph and Punycode attacks don’t just take place in email either. Fake versions of legitimate websites can be created that steal information, and scam messages can be sent on various iOS and Android messaging apps and social media. Essentially, you need to be a little cautious whenever you receive any correspondence, anywhere. If something seems overly urgent or too good to be true, be a little skeptical.
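As an added illustration (not code from the original post), the Python sketch below shows how a defender can unmask a lookalike domain taken from a link or sender address: it converts each label to its Punycode (`xn--`) form and reports labels that contain non-ASCII or mixed-script letters. The function names and the sample domain are constructed for this example, and the script check is a heuristic based on Unicode character names.

```python
import unicodedata

def scripts_in(label):
    # Heuristic: the first word of a character's Unicode name is its script
    # ("LATIN SMALL LETTER A" vs "CYRILLIC SMALL LETTER A").
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_domain(domain):
    """Return (ascii_form, findings) for a domain taken from a link or sender."""
    ascii_labels, findings = [], []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            # Punycode label: decode it to the characters a client may display.
            label = label[4:].encode("ascii").decode("punycode")
        if label.isascii():
            ascii_labels.append(label)
            continue
        # Non-ASCII label: record its ASCII-only wire form and why it is suspect.
        ascii_labels.append("xn--" + label.encode("punycode").decode("ascii"))
        scripts = sorted(scripts_in(label))
        reason = "mixed-script" if len(scripts) > 1 else "non-ascii"
        findings.append((label, reason, scripts))
    return ".".join(ascii_labels), findings

# Constructed sample: the second letter is CYRILLIC SMALL LETTER A (U+0430),
# which renders almost identically to the Latin "a" in the genuine name.
SPOOFED = "p\u0430ypal.com"
GENUINE = "paypal.com"

if __name__ == "__main__":
    for d in (GENUINE, SPOOFED):
        ascii_form, findings = inspect_domain(d)
        print(f"{d!r} -> {ascii_form} findings={findings}")
```

A domain made up entirely of lookalike letters from a single non-Latin script is reported as "non-ascii" rather than "mixed-script", so both findings deserve a second look when the name resembles a well-known brand.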

Email Compromise

Email inboxes can be hijacked altogether. This is one of the oldest methods for distributing spam and malware, and it still takes place today. If your email becomes compromised, whether through a weak or stolen password or through malware, it can be used to send emails to all of your contacts so that the spam continues to spread.

The emails would come directly from your account, so to most recipients, it will look legitimate. When the recipient opens it, the process is repeated and it hits all of their contacts with the same spam. It just explodes outwards from there.

When someone doesn’t have very good cybersecurity hygiene, it can be ridiculously easy to gain access to their email.

For example, let’s say Bob uses the same password on his Netflix account and his work email. Bob shares his Netflix account with his kids, who log in on their mobile devices. One kid’s tablet gets infected with malware that steals passwords.

Suddenly Bob’s Netflix username and password are publicly up for sale on the dark web, in a big list with tens of thousands of other stolen accounts that this malware was able to grab. For less than a dollar, Bob’s record gets bought by scammers and cybercriminals on the dark web. Dozens of entities could now have it. It only takes one of those entities to think “hey, I wonder if this Bob guy uses the same password for his corporate Outlook account…” and voila! They are in Bob’s email with full control over everything.

They can email your contacts, read your messages, change passwords to other accounts tied to that email, request password resets from bank accounts, and so much more.

The cybercriminals can then use Bob’s email to scam his coworkers, his friends, his family, and his clients. Suddenly, Bob is just one of dozens or hundreds of victims in the middle of it all.

More often than not, your friends, family, and colleagues might be taking shortcuts when it comes to their cybersecurity, which means you could be one of their victims.

Preventing Scams and Cyberattacks is All About Being Aware and Skeptical

Since phishing attacks and other scams can be so hard to identify, the real defense against them is just being overly cautious. We recommend taking a zero-trust approach. If you didn’t request an attachment, and had no idea it was coming, don’t download it or click on it. 

If a bank emails or texts you saying there was an unauthorized purchase, sit down at a computer and log into the account the same way you would normally, and not through the link sent in the email or text.

You can build this culture of caution by not assuming that recipients should trust your emails, either. If you send a contact an attachment, pick up the phone and call to let them know they are getting it, unless they are already expecting it from you. Even tell them why you are calling first, because you want to always take a security-minded approach to your correspondence.

Wear it like a sign of respect; and if you and everyone else start treating email this way, it will lead to a much safer world.

If you get an email that looks suspicious, and want our techs to check it out, give us a call at 603-889-0800.
