Common Email Scams That Businesses Encounter and What to Do About Them
Over the past year, an estimated 76 percent of businesses experienced a phishing attack. The goal of these attacks, often referred to as email scams, is ultimately to take your money, either directly from your bank accounts or by acquiring information like Social Security numbers, credit card numbers, usernames, passwords, and/or addresses.
No business is above falling victim to an email scam. It’s estimated that one in 99 emails sent to employees is a scam, many of which appear to have come from legitimate sources. This article will discuss some of the most common email scams that businesses face and how you can handle them.
Common Email Scams
Here are a few common email scams you and your employees should be aware of:
The Suspended Account
If you ever get an email notification that one of your accounts is at risk of a security breach or that your account will be suspended unless you take immediate action, be suspicious. This can include your bank account, credit card account, PayPal account, Netflix account, or any number of other accounts. Here are some ways you can tell it’s a scam:
- The email address doesn’t end with the supposed company’s official website address (e.g., bankofamerica.com, netflix.com).
- The provided link is to an illegitimate site.
- The salutation is vague (e.g., “Dear Sir,” “Hi Dear”).
If you’ve expressed interest in certain topics online, Internet con artists can use that information to trick you into handing over sensitive information. They do this by sending a survey request with a link that will install malicious spyware or malware onto your device, thus opening you up to identity theft. Never click on a survey link in your email unless you’ve joined a survey mailing list.
This one gets a lot of people. If you receive an email claiming that you’ve won a lottery or some other kind of significant financial prize, don’t believe it. Clear signs that it’s a fake include:
- You never signed up for a lottery or contest.
- The “To” field shows that the email was sent to thousands of people.
- The sender’s email address is not from a legitimate organization.
Responding to this kind of scam can result in thieves taking sensitive information or even emptying your bank account.
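The warning signs listed above (sender domain, link destination, vague salutation, oversized "To" list) can be checked automatically before a message reaches a person. The following Python is an added example, not part of the original article; the function names, the recipient threshold, and the sample messages on reserved .example/.test domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Salutations the article lists as vague; extend for your own mail flow.
VAGUE = re.compile(r"^\s*(dear sir|hi dear)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_domain(host, official):
    """True only for the official domain or a subdomain of it.
    A plain substring test would accept bank.example.verify-login.test."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

def scam_indicators(raw, official, max_recipients=20):
    """Return the set of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    found = set()
    sender = parseaddr(msg.get("From", ""))[1]
    if not on_domain(sender.rpartition("@")[2], official):
        found.add("sender-domain-mismatch")
    body = "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    if any(not on_domain(urlparse(u).hostname, official) for u in URL.findall(body)):
        found.add("link-domain-mismatch")
    if VAGUE.search(body):
        found.add("vague-salutation")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > max_recipients:  # threshold is an assumption
        found.add("mass-recipient-list")
    return found

# Constructed sample messages (reserved .example/.test domains).
SCAM = (
    'From: "Bank Security" <alerts@bank-example-support.test>\n'
    "To: " + ", ".join(f"user{i}@corp.example" for i in range(50)) + "\n"
    "Subject: Your account will be suspended\n\n"
    "Dear Sir,\n\nAct now or lose access:\n"
    "http://bank.example.verify-login.test/login\n")
LEGIT = (
    "From: Example Bank <alerts@mail.bank.example>\n"
    "To: pat@corp.example\nSubject: Statement ready\n\n"
    "Hello Pat,\n\nYour statement is ready: https://www.bank.example/statements\n")

if __name__ == "__main__":
    print(sorted(scam_indicators(SCAM, "bank.example")))
    print(sorted(scam_indicators(LEGIT, "bank.example")))
```

A matching "From" domain is not proof of legitimacy, because that header can be forged; treat these findings as triage signals rather than a verdict.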
How to Prevent Attacks
One of the best ways to protect your business is to invest in data loss prevention, which will monitor and control what information leaves your facility or network. It’s also essential to comply with the General Data Protection Regulation (GDPR). And if you market to people in the EU, you have to comply with their GDPR as well, which means, to name a few requirements, that you must anonymize collected data, carefully deal with data crossing borders, and alert the authorities of any data breaches. If you fail to comply with such regulations, you can expect stiff penalties.
Along with protecting your data, you and your employees will want to scrutinize every suspicious email you encounter. If you spot such an email, don’t click any links or download any attachments within the email. If you think there’s a chance the email is from a trusted source, open a new browser window and search for the website to check its legitimacy. Furthermore, look for little things like misspelled company names and slightly skewed logos.
What to Do When You’ve Been Attacked
If you respond to an email scam by clicking a link or giving away information, the first thing you want to do is change the passwords on all your online accounts (e.g., emails, banks, entertainment) and PINs. Then, notify a major credit bureau (e.g., TransUnion, Equifax, Experian) of the incident so they can put a fraud alert on your account. Finally, contact your banks and credit card companies to freeze your accounts.
Email scams are often successful, which is why they’re so prevalent today. Take the proper steps to prevent these attacks, and always keep a lookout for illegitimate emails. Lastly, if you fall victim to such an attack, be sure to act quickly to reduce your risk of identity theft.