If you’ve ever had an email account, chances are you’ve received at least a few suspicious messages that turned out to be phishing email scams. These phishing messages are fraudulent and deceptive emails that attempt to trick recipients into disclosing sensitive information or taking harmful actions.
While there are plenty of badly written emails out there, not all of them have criminal intent. So, what exactly makes something a phishing scam?
This is a common type of fraudulent email that seeks to steal sensitive information such as your bank details or passwords, often via a link or a direct request for information.
For example, you may be sent a link that appears to be a tracking link for a parcel you’re expecting, but it’s not from a legitimate company.
But what is the point? How do email phishing scams work, and what do they steal?
This type of cybercrime is often used as a starting point for further attacks; once you click a link within the email, ransomware or malware may be installed on your computer. This allows the scammer access to your files and can prevent you from accessing your devices – inconvenient at best but potentially incredibly disruptive if you can’t get access back.
While most inboxes are quite good at automatically sending such emails straight to your ‘spam’ folder, scammers are unfortunately becoming more sophisticated in their attacks – and phishing emails are becoming more difficult to spot. Vigilance is paramount, as 3.4 billion spam emails are sent daily. Even if you think you’re technologically savvy, it’s still best to be cautious.
In this article, we take a look at four email phishing scams that are rife in 2024.
- 1. Holiday Bookings Phishing Attacks
- 2. Phishing Attempts Regarding Refunds
- 3. Debt Collector Phishing Scams
- 4. Social Media Phishing Attacks
- What Should You Do with Phishing Emails?
- How Can I Protect Myself from Phishing?
1. Holiday Bookings Phishing Attacks
Holidays are expensive, and with the cost of living higher than ever, it can be tempting to search for cheaper deals in alternative places such as social media or private home rental sites.
Sadly, it isn’t uncommon for holidaymakers to book flights, pay for accommodation, and set off – only to get to their destination and discover that their chosen holiday rental doesn’t actually exist or isn’t booked.
Many businesses send emails, and it’s a great marketing tool to attract or re-enable customers. Scammers take advantage of this by sending emails offering limited-time deals on holidays, urging you to act quickly to secure the price or pay a deposit immediately. You feel like you’re getting an exclusive deal, but the reality is very different.
These emails often contain links to a phishing website, which is a fake site designed to steal your personal information.
The links in these emails will take you to a cloned version of popular holiday sites such as Airbnb and Booking.com, but it’s all fake.
Sadly, the worst part is that many people remain unaware that it’s a scam until they’ve already caught a flight to their destination.
What Can I Do About a Suspicious Holiday Email?
It’s always best to book your holidays on the official holiday booking sites, which you can check by looking for the padlock symbol on the far left of the URL bar in your browser.
This means the site is using HTTPS, a secure encryption feature that protects any data shared between you and the site. Be cautious of suspicious emails that may contain links to fraudulent sites.
You should also carefully check the URL – if in doubt, research the company – and be sure to pay using a credit card to protect yourself against fraudulent holiday bookings.
2. Phishing Attempts Regarding Refunds
Scammers rely on consumer trust in brand names to ensure that their malicious activities go unchallenged.
Posing as major companies, particularly energy suppliers, these criminals send emails announcing that you’re entitled to a refund on your energy bill due to a miscalculation and ask for your personal and financial information.
Of course, if you receive such an email and don’t use that supplier, it will automatically raise a red flag in your mind. But for many who do, it can be all too easy to follow the link and enter their bank details, hoping to put a little extra money in their pocket.
How Can I Check if a Refund is Legitimate?
If you aren’t sure if a refund offer email is legitimate, you can always call the company to check – using the official number found on their website, not any included in the suspicious email.
Another factor that gives away a refund phishing attack is whether or not you asked for one.
Most major suppliers never email customers to request bank details or account numbers. Plus, if you pay by direct debit, they already have them on file.
3. Debt Collector Email Phishing Scams
A more vicious approach to phishing is when scammers send emails posing as debt collectors. Everyone’s heart skips a beat when they receive an email or a letter demanding payment, and cyber criminals in 2024 are honing in on this vulnerability, often to facilitate identity theft.
While these emails can be scary to receive, fear only plays into the cybercriminals’ hands as they hope you act urgently and ignore the red flags.
The scammers behind these types of emails usually pose as companies that have gone out of business recently, making it harder to ascertain their authenticity. You may even be addressed by name, as when a company goes bust, there is a higher risk of confidential data leakage as files are passed through multiple agencies.
Good Indicators to Look Out For
Do your research to ensure the debt collection agent is a verified, licensed individual within a certified company before paying them any money. Any supposed debt collector should be able to tell you:
- Their name
- Their address
- Their company name
- The company number and licence details
- Clear information about the debt that matches your own records
Remember, the urgency of a call or email can be a clear indication that something is wrong. Additionally, the collector should already have your personal information – they won’t need you to give them all the details. Be cautious of anyone asking for your personal and financial information, as this could be a scam.
4. Social Media Phishing Attacks
Another common type of phishing attack involves targeting your social media accounts. While phishing attacks often aim at stealing money, social media accounts can be even more valuable to the right person than social security numbers.
Facebook, Instagram, or Twitter Accounts
Most scammers use popular social media platforms to send text messages that lead to a suspicious website resembling the real website and ask for login credentials.
What Should You Do with Phishing Emails?
You should report phishing scams and any phishing emails. You can do this directly to the company the scammer is trying to impersonate or to the Federal Trade Commission.
By reporting email phishing scams, you reduce the risk of others falling for them. Another way is to have a powerful business email platform like Hostopia’s Business Email. Our partners offer their customers a robust platform for their email with their own domain name, something Hostopia also offers its partners.
To help you understand more about business email, it’s important to focus on what it provides to companies. A domain-based email address can help build trust. According to a recent study, 75% of consumers say professional email is paramount for building trust.
How Can I Protect Myself from Phishing?
Scammers rely on information. Spear phishing is a type of targeted phishing attack that focuses on a specific individual or organization.
Spear phising attacks are very common nowadays and popular anti-virus providers note that can’t always be avoided; even if you’re closely looking at what you’re downloading.
So, to keep your devices secure, you should take extra security measures to lock down your data.
Consider changing your passwords regularly (particularly after a phishing attempt) and adding two-factor authentication where possible. This way, if the scammers have successfully managed to get some of your information, you’ll be better protected.
You should also keep the software on your computer up-to-date. This will add a layer of protection that can filter out malicious activity, so don’t be tempted to delay updates until a later date.
Partners also side with robust and scalable web services companies. Hostopia allows its partners to boost their portfolio with more web services catered to small businesses worldwide.
Closing Thoughts on Email Phishing Scams
With technology evolving as rapidly as it has over recent years, honest individuals and cyber criminals have access to many innovative tools to help them fine-tune their online communications.
This means it’s more important than ever to take a deep breath and think carefully before impulsively responding to any email requesting sensitive information from you, as it could be a phishing attack. By following these tips and staying vigilant, you can avoid falling victim to these popular phishing scams in 2024.
For more information about Hostopia’s web services portfolio, please visit hostopia.com or email us at learnmore@hostopia.com.
Author details:
Brent Fisher, Consultant | Researcher
Digital Content & Media
