This post may contain affiliate links which may compensate us based on your interaction. Please read the disclosures for more information.
Over 300,000 phishing schemes were reported to the FBI last year, with many more likely unreported. Here’s how to protect yourself.
Email scams are on the rise. And sadly, criminals are getting more and more creative about finding ways to steal your cash. One common ploy is phishing — where hackers pretend to be a company or organization you trust so they can steal your confidential information. Phishing accounted for the highest number of internet crime complaints made to the FBI last year.
According to FBI data, criminals made off with $52 million through over 300,000 phishing schemes in 2022. Phishing emails might try to trick you into opening a file containing malware. Or they could direct you to a spoof website that looks like a real one, but steals your login information. Or they might give you false information about making a payment. Read on to find out how to spot scam emails and how you can protect yourself.
How to spot a fake email
Some phishing attempts can be relatively easy to spot. Others can be extremely targeted and sophisticated. The FBI highlighted a case where home buyers received a fake email, supposedly from their real estate agent with instructions on where to wire their $400,000 escrow payment. They made the payment, not realizing it was a fake message. In this case, the internet crime division was able to recover the money.
I recently received this email that pretends to be from Coinbase, a cryptocurrency exchange where I have an account. It bears many hallmarks of a scam email.
The sender email address is incorrect: It doesn’t come from Coinbase, it comes from a random gmail address. Plus, the sender is “Coinbase Team !” rather than just Coinbase. Other phishing emails might be more sophisticated, using a slightly misspelled domain name. In this case, it might have come from something like support@coinbse.com.It isn’t directed to me: My email address is not in the “to” box. Plus, the email doesn’t start with “Dear Emma” or any other personalized salutation. You might get an email that starts with “Hi” or “Dear customer.” Normally, my emails from Coinbase are addressed to me.It tries to scare me into action: I panicked when I first opened the email because I hadn’t bought (and didn’t want to have bought) over $1,000 worth of Bitcoin (BTC). That fear nearly made me click on the attachment to find out about the transaction. Other ploys might be to tell you there is a problem with your account or offer you something for free.The language is slightly off: The grammar or wording of phishing emails is often poor. In this case, the text that says “mentioned below with pdf” isn’t great English.
What to do if you receive a scam email
Luckily, I didn’t open the attachment. And I haven’t bought $1,036 worth of Bitcoin. After I’d taken a screenshot of the message, I marked it as junk and then deleted it. Marking it as junk means Gmail might get better at recognizing future phishing emails. Then I logged on to my Coinbase account to check there was no strange activity there. Here are some other steps you might take.
Contact the company directly
If the phishing email says there is an issue with your account or something that needs to be resolved, get in touch with the company. Open a new browser window and go to its website. You could also call, or if it is a bank, use its app. What’s important is that you don’t use the link you’ve been emailed — use contact information you know is correct.
Report the issue
If you do accidentally click on a scam link or attachment, there are steps you can take to protect yourself. Go to IdentityTheft.gov and fill out the form. It will tell you what to do based on what information might have been released. For example, if you’ve accidentally shared banking information, you can contact your bank to close the account and open a new one.
If criminals have your Social Security number, go to AnnualCreditReport.com to request free copies of your credit report from all three bureaus. You might also consider freezing your credit, which limits who can do a credit check using your information and makes it hard for someone to create an account in your name.
Run a virus scan
If you are worried, particularly if you’ve opened an unsafe attachment, run a scan on your computer. It should pick up any ransomware, viruses, or malware on your system. It’s important to keep your antivirus software up to date so it can pick up the latest threats.
How to protect yourself against phishing attacks
One of the best ways to protect yourself against scam emails is to be vigilant and look for the warning signs. In an ideal world, your email spam filter will weed out these types of messages, but if it doesn’t, relying on your instincts is the next best thing.
Alert: highest cash back card we’ve seen now has 0% intro APR until nearly 2025
If you’re using the wrong credit or debit card, it could be costing you serious money. Our experts love this top pick, which features a 0% intro APR for 15 months, an insane cash back rate of up to 5%, and all somehow for no annual fee.
In fact, this card is so good that our experts even use it personally. Click here to read our full review for free and apply in just 2 minutes.
We’re firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers.
The Ascent does not cover all offers on the market. Editorial content from The Ascent is separate from The Motley Fool editorial content and is created by a different analyst team.Emma Newbery has positions in Bitcoin. The Motley Fool has positions in and recommends Bitcoin. The Motley Fool has a disclosure policy.