How to Handle Common Email Phishing and Spoofing Scams

Email Phishing and Email Spoofing Scams

In honor of International Fraud Awareness Week and with Cyber Security Awareness Month behind us, it seemed appropriate to write about what seems to be an increasing and ever-present threat looming out there on the internet. In fact, a number of our clients have had close calls with some sort of cyber security threat, and I wanted to share a few thoughts.

First, a little context might be helpful. In 2020, according to CNBC, identity theft and fraud cost consumers over $56 billion and affected over 49 million consumers in some way (including myself!). Approximately $13 billion came from "traditional" identity theft and fraud, things like having a wallet stolen or your mailbox raided (this is what happened to me, by the way). The rest, for the most part, came from email phishing, email scams, and email spoofing. It's no wonder, since we have been spending a lot more time online since the COVID era began.

Whatever the method, the end goal is the same: bad actors and criminals want access to your personal information and, ultimately, your money.

What is email phishing?

Email phishing occurs, for example, when you receive an email that pretends to be from a company that you do business with—probably asking for personal information from you or asking you to "click here" for something in return.

Email scams occur when you get an email with some sort of story you are asked to believe. Maybe a family member has been kidnapped in Mexico, or you are miraculously related to a Nigerian king who wants to leave his fortune to you, as long as you hand over the banking information for the account to deposit the fortune into.

What is email spoofing?

Email hacking, also referred to as email spoofing, occurs when some sort of malware has allowed another person to literally take over your email. You may send an email to a friend and then get back a personal response that may seem strange or not in your friend's email "voice." Suddenly they are asking for money or asking you to buy gift cards for them, for example.




Here's how to tell if an email is phishing or a scam:

  1. You receive an email from a large company, but the 'From' email address is from a public domain email (like Yahoo or Gmail), or the email address does not contain the company's name.

  2. The domain in the email address is spelled wrong. If you receive an email from billing@netflix.com, it's more believable than billing@netf1ix.com. Because we tend to skim our emails, a misspelling like this can slip right past.

  3. The email is poorly written and contains grammatical errors. This one speaks for itself, but if you get an email from the power company with grammatical mistakes and strange language, it might be suspicious.

  4. There might be an attachment to open or a link to click. Attachments are a definite red flag. By opening an attachment from a bad actor, you may unintentionally install the malware they need to either spoof your email, track personal information, or even hold your computer hostage for a monetary payment. If there is a link to click, you can hover over the link with your mouse and see where it might take you. It may send you to what looks like some approved payment screen to try and have you enter a credit card or banking information.

  5. The email tries to create a sense of urgency or fear. The email may contain something about some adverse outcome if you don't act 'immediately.'
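
Signs 1, 2 and 5 above can also be checked automatically. The following Python code is an added example, not part of the original article; the brand list, free-mail list, urgency words, flag names and sample messages are all constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed sample data (assumptions, not from the original article).
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
KNOWN_BRANDS = {"netflix": "netflix.com", "paypal": "paypal.com"}
LOOKALIKE_CHARS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
URGENCY = re.compile(r"\b(immediately|urgent|suspended|act now)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def red_flags(from_header, body=""):
    """Return the warning signs found in one message, as short codes."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    for brand, real in KNOWN_BRANDS.items():
        if domain == real or domain.endswith("." + real):
            continue  # genuinely sent from the company's own domain
        if domain.translate(LOOKALIKE_CHARS) == real or edit_distance(domain, real) <= 2:
            flags.append("lookalike-domain")         # sign 2: netf1ix.com
        elif brand in display.lower():
            if domain in FREE_MAIL:
                flags.append("free-mail-sender")     # sign 1: public mailbox
            elif brand not in domain:
                flags.append("brand-not-in-domain")  # sign 1: name missing
    if URGENCY.search(body):
        flags.append("urgent-language")              # sign 5
    return flags


if __name__ == "__main__":
    samples = [  # constructed messages
        ("Netflix Billing <billing@netflix.com>", "Thanks for your payment."),
        ("Netflix Billing <billing@netf1ix.com>", "Update your card immediately."),
        ("Netflix Support <netflix.help@gmail.com>", "Your account is suspended."),
    ]
    for sender, text in samples:
        print(sender, "->", red_flags(sender, text) or "no flags")
```

An empty result only means none of these particular signs matched; it does not prove the message is genuine.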

In the below video, Brandon touches on some additional examples of email phishing and other fraud attempts that we’ve seen recently:

How to protect yourself from email phishing

The bottom line is that if you are suspicious about an email, trust your instinct and verify the source before clicking anything within the email or taking any action requested in the message. Call customer service for the company and see if the email is valid. Call your friend and see if they have been abducted in a foreign country. Most importantly, feel free to report an email scam by calling the FBI hotline at (202) 324-3000 or going online at www.fbi.gov or tips.fbi.gov, or by visiting the FTC online or calling 1-877-382-4357.

We hope this overview about common email scams has been helpful regarding the ever-present threat looming on the internet and in your email inbox. With several close calls with our own clients here at Mainsail in recent years, we have learned that scams are only getting more sophisticated.



Adam Laibson