Email scamming is a type of spear-phishing attack designed to steal the identity of the victim, trick them into disclosing personal information, or otherwise defraud them. Many of these scams include fake job postings, investment opportunities, inheritance notifications, lottery prizes, and other schemes meant to lure the victim into sending money to the attacker.
Some of the scamming schemes include:
- Tech support scams: A fraudulent company informs you that you have a virus and asks you to hire them to fix it.
- Foreign money exchange scams: You are offered a large payment to help with a foreign transfer of money, but first you must pay fees or taxes. This is also commonly referred to as a ’Nigerian’ fraud.
- Charity scams: A national or personal tragedy occurs, and scammers send emails asking for donations to help the victims. The donations go to the criminal, not the victims or any legitimate charity.
- Current events-based scams: It’s not unusual for scammers to try to monetize tragedies, such as hurricanes, the COVID-19 crisis, and other disasters. Scammers prey on an individual’s sympathy, charity, or fear.
- Investment scams: Scammers impersonate stockbrokers offering financial advice or low-risk, high-return investment opportunities.
Unfortunately, many individuals fall for email scams, unwittingly sharing sensitive information or making payments to scammers.
While most scams will get blocked by email spam filters, some scammers are starting to use social-engineering tactics to help avoid detection. Email scamming accounts for about 39% of all spear-phishing attacks, all of which managed to bypass spam filters. The FBI has recorded almost $800 million in reported losses as a result of these scams.
Deploy spam and virus filters. If your email security spam filters are properly set up, most spam and many scamming messages will never make it into your users’ inboxes. Make sure your filtering includes virus scanning, spam scoring, real-time intent analysis, reputation checks, and URL link protection.
Do not respond to spam. People are curious enough about scams that they respond either out of curiosity, to unsubscribe, or to ask for more information. By responding to scamming emails, you demonstrate to senders that your email address is valid, and this will lead them to send you more spam. Train your users to avoid responding to or forwarding spam messages.
Get AI-based protection. Attackers are adapting their techniques to bypass email gateways and spam filters, so a good spear-phishing solution that protects against email scams is a must. Artificial intelligence-based protection can identify and block abnormal messages and requests that could signal email scams.
Train users to identify email scams. User security awareness training helps every employee recognize, avoid, and report potential threats that can compromise critical data and systems. As part of the training, mock phishing and other attack simulations are typically used to test and reinforce good behavior.
How Barracuda Can Help
Barracuda Essentials quickly filters and sanitizes every email before it is delivered to your mail server to protect you from email-borne threats. Using virus scanning, spam scoring, real-time intent analysis, URL link protection, reputation checks, and other techniques, Barracuda provides you with the best possible level of protection.
Barracuda Sentinel is an API-based inbox defense solution that protects against business email compromise, account takeover, spear phishing, and other cyber fraud. It combines artificial intelligence, deep integration with Microsoft Office 365, and brand protection into a comprehensive cloud-based solution.
Sentinel’s unique API-based architecture lets the AI engine study historical email and learn users’ unique communication patterns. It blocks phishing attacks that harvest credentials and lead to account takeover, and it provides remediation in real time.
Barracuda PhishLine is an email security awareness and phishing simulation solution designed to protect your organization against targeted phishing attacks. PhishLine trains employees to understand the latest social-engineering phishing techniques, recognize subtle phishing clues, and prevent email fraud, data loss, and brand damage. PhishLine transforms employees from a potential email security risk to a powerful line of defense against damaging phishing attacks.
Have questions or want more information about Scamming? Get in touch right now!