Phishing Scams: How to Spot Suspicious Emails

Updated August 17, 2021
Published November 6, 2018

By the end of 2020, the U.S. had 2.2 million fraud reports. Fraud losses totaled $3.3 billion. And 15% of the fraud was through email.^[1] We give our email addresses online, in stores and over the phone. By doing so, we could be making ourselves vulnerable to fraud and identity theft. Email providers have spam filters in place, but good phishing emails can be difficult to identify. Meaning, those pesky phishing emails may still find their way to your inbox. Keep reading to learn what phishing is and how to avoid the scams.

What is phishing?

Those suspicious emails are called phishing (pronounced fishing). Phishing is when a person or group tries to steal your financial or personal info through “social engineering techniques.” These include emails, vhishing (voice/phone call phishing), smishing (instant message or text phishing), social media campaigns or even in-person visits.^[2] Phishing emails look like they’re from a company you know or trust, and usually have a convincing tale to trick you into opening a link or attachment. What’s in it for them? They want your personal information to get access to your email, bank and other accounts.

Per the Federal Trade Commission, fake stories could include:^[3]

Claims of suspicious account activity or login attempts
Problems with payment or account info
Demands for you to confirm personal info
Fraudulent invoices/bills
Eligibility to register for government funds
Coupons or claims for free stuff

The phishing game is strong

We’re all at risk of falling for the lure especially with phishers getting smarter and more daring with their tactics. With easy access to your phone, there isn’t much we can’t or don’t do online. And with the pandemic aftermath, government tax credits and stimulus checks, unemployment claims and more, cyber fraudsters have plenty to work with.

According to a 2021 Verizon report:^[4]

Quarantine has helped amp up phishing frequency
Phishing is the top action in various data breaches
Phishing is present in 36% of breaches
This is an increase from 25% in 2020

What are some common phishing scams?

Phishing scams can be nerve-racking. But by becoming familiar with common scams, like fraudulent hyperlinks, you could avoid becoming a victim.

Ron Shuck, Senior VP Chief Information Security Officer at CURO Financial Technologies Corp (the holding company for Speedy Cash) shared,

“Instead of clicking on a link to view information about package delivery, type in the address for the UPS site or Google it, and go from there. Scammers will create links that look like the real deal with a subtle difference (e.g. www.speeedycash.com instead of www.speedycash.com). Notice the extra “e.” These fake sites will look like the real site, but their purpose is to steal your information.”

Most common phishing scams:

Tech support scams: False claims about your account trick you into revealing your information
Infected attachments: Downloading documents or .HTML links to hack into files
Social media: False info through messaging on social media platforms (think: Facebook, IG or LinkedIn) to get login credentials
CEO Fraud: Emails from your so-called boss/CEO requesting wire transfers or other forms of payment, particularly to overseas destinations

How to prevent phishing

You can spot many phishing red flags before it’s too late. If something seems fishy, like a harsh demand to open an attachment, it probably is.

Shuck suggests,

“The best protection is to avoid opening attachments unless you were specifically expecting one.” He added, “It is important to remember these tricksters will replicate emails or even websites for legitimate companies to try and trick you.”

Most common phishing red flags:

Obvious misspellings in bodies of text or web links
Accounts urgently needing updated banking or personal secure info, like date of birth, Social Security Number, or account password
Unbelievable offers/winnings, like a trip to the Bahamas you never entered
Emails from a personal account, not the domain of your trusted provider
Threating emails of false debt-collection claims (i.e. fictitious case number, threatens legal action, etc.)
Emails asking for advanced payment or pre-payment
Emails requesting funds loaded to a prepaid card, gift cards or wire transfer

Unsure if you’re the phish?

Obviously, not every email is going to be a scam. But it’s better to be cautious than the catch. Here are some things to think about when someone or something wants your info.

Make sure you verify:

Confirm the person or provider is who they say they are
If you feel the email or claimed info is false, do not provide your personal info
Call or email the valid business’ contact info (not what’s listed in the suspected email) and verify claim
If the legit business tells you it’s false, report the email or other social interaction as a phishing scam

How to report phishing emails and texts

It’s very important to report a phishing email, text or other contact. Provide your experience and help combat those nasty fraudsters!

Forward your phishing email to the Anti-Phishing Working Group at reportphishing@apwg.org
Forward you phishing text message to SPAM (7726)
Report the phishing attack to the Federal Trade Commission at ReportFraud.ftc.gov

No phishing area

Phishing scams are a preferred way to slyly get your financial and sensitive info. Be extra cautious of personal info requests and suspicious downloads. And watch for misspellings, demanding requests and skeptical winnings claims to avoid being caught in a phishing trap.

The information included in this article was reviewed and approved by Ron Shuck Senior VP, Chief Information Security Officer at CURO Financial Technologies Corp.

Staff. (2021, February). Federal Trade Commission. Consumer Sentinel Network. Data Book 2020. Retrieved from: https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2020/csn_annual_data_book_2020.pdf ↩︎
Staff. (n.d.). Report Phishing Sites. Retrieved from: https://us-cert.cisa.gov/report-phishing ↩︎
Staff. (2019, May). How To Recognize and Avoid Phishing Scams. Retrieved from: https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams ↩︎
Staff. (2021). Data Breach Investigations Report. Results and Analysis. Retrieved from: https://www.verizon.com/business/resources/reports/dbir/2021/results-and-analysis/ ↩︎

About
Sarah Sumner
Read more from Sarah

As the youngest of seven children and raised by a single mother, financial security was not a mainstay. My money mindfulness was fueled by fear rather than a desire to be educated or successful. After several years working in retail banking and embracing financial responsibility, I've gained monetary experience that continues to help me grow on the daily.