How to recognize phishing emails, and how do you prevent them?
In this article we’ll discuss:
- Spam versus Phishing Scams
- Domain Phishing (unsolicited messages about your domain)
- Copyright Infringement Scams
- What can you do about it?
Our current era of cyber-infiltration has reached new heights in the realm of account hijacking, money scams, and fraudulent claims. Many of our clients—and even ourselves—have received recent emails directing recipients to download necessary services, purchase gift cards, repurchase a domain, pay an invoice, or send money orders at the most irregular of times. Some may even proclaim alleged copyright infringement from videos, images, or extraneous material we know to be licensed and legitimate.
So how do we spot the difference between the real and the fake? Let’s start with some key differences between spam and phishing scams.
Not to be confused with phishing scams, spam takes the form of unsolicited services and bulky advertisements amid piles of unopened marketing ploys in our inboxes or junk folders. Alas, we’ve never subscribed to any of these irrelevant services or websites, so why are we receiving such content?
Our email addresses are scanned hundreds of times a day, some through form submissions, some from data collection bots known as “harvesters” which store and solicit your information. Advertisers and spammers can pay to have bulk emails sent to thousands of accounts for a fraction of the price of normal marketing tactics, hence the ever-lingering use of spam.
The far more dangerous form of unwarranted solicitation, phishing scams seek susceptible individuals or companies to click malicious links, download harmful files, or send convoluted money orders to obscure locations or links. Many now demand payment for copyrighted materials or unpaid domain registration fees. This should be the first sign of ill intent.
Falling prey to these schemes can provide scammers access to your most sensitive information from your social security number, bank account information, and account data from your most visited platforms. This form of cyber sabotage is continually evolving as individuals become more savvy to their tactics, but can be spotted in some of these common signs:
- An obscure link informing you of suspicious activity
- The misspelling of words or improper grammar
- Invoices from services or providers you’ve never used
- Asking to provide sensitive information (SSN, DOB, passwords, etc.)
- Providing free services by viewing a link
- Making an outstanding payment to a website or service
Domain phishing is currently one of the most widely circulated forms of phishing, targeted largely toward new websites. Many of our clients have contacted us—especially within the first few weeks of their website going live—of emails claiming their domain is in need of resubscription at a new and unknown domain registry site—OR ELSE. Although common, these emails can trigger unsuspecting victims into clicking malicious links or sending high-dollar payments to scammers.
One of our own employees provided the following example of a domain phishing email they received within the past year:
- The first red flag appears in the “Name” field where we see Joe Miller Joe Miller. Many automated phishing responses populate fields without intuitively identifying duplicate or unnecessary information.
- The second red flag is noticed thanks to a quick Google search of “Domain Registration Corp.” After an immediate search, warnings of scams and phishing schemes from this address are the first to appear, giving you the certainty you need that this email is already a domain phishing scam. But let’s look a little further.
- The third red flag comes from the ultimatum call to action, threatening to discontinue the domain if a renewal isn’t paid within 24 hours. Reputable domain registry companies inform their customers in advance of any renewals or outstanding fees they may have without the need for such immediate action. The above email does the opposite, stating an “IMMEDIATE” need for payment at an ulterior location.
- The fourth red flag comes from a little common sense and self awareness. Specifically, our employee who provided this email already knew their domain had been paid for in one annual payment. Knowing the actual status of the payment, when it was made, and who it was to, additionally informed our employee of the phishing nature of the email. Consider these details when reviewing threatening or ultimatum-based demands.
You may also receive physical letters mailed to your business or home address from “US Domain Authority” or other such organizations that try to get you to pay a couple hundred dollars to switch your domain over to them. These are not bills, and you shouldn’t ever send money to a “domain authority” unless you are certain your domain is registered with them. If you’re ever unsure about such messages, contact your website developer. But more often than not (like 99.9% of the time) these are phishing scams to get your money.
Copyright Infringement Scams
Enacted in the United States in 1998, the Digital Millennium Copyright Act (DMCA) sought to criminalize the misuse of copyrighted materials in the form of technology, devices, or services. Scammers across the web have taken advantage of misinforming individuals and companies of their unlawful use of copyrighted materials at the consequence of thousands of dollars.
You may receive an email that has a script similar to the following:
Hi there! My name is Jennifer.
Your website or a website that your organization hosts is infringing on a copyright protected images owned by myself. Check out this report with the URLs to my images you used at www.yourdomainname.com and my previous publications to get the proof of my copyrights. Download it right now and check this out for yourself: (insert spammy link here)
I really believe you have willfully infringed my legal rights under 17 U.S.C. Section 101 et seq. and could possibly be liable for statutory damage of up to $150,000 as set-forth in Section 504 (c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.
This message is official notice. I seek the removal of the infringing materials referenced above. Please take note as a company, the Digital Millennium Copyright Act demands you, to eliminate or disable access to the copyrighted content upon receipt of this notice. In case you do not cease the utilization of the above mentioned infringing content a court action can be started against you. I have a good self-belief that use of the copyrighted materials mentioned above as presumably violating is not approved by the legal copyright owner, its legal agent, as well as legislation. I swear, under consequence of perjury, that the information in this notification is correct and that I am the copyright owner or am permitted to act on behalf of the proprietor of an exclusive right that is presumably infringed.
Regards, Jennifer Connolly 06/09/2021
This fraudulent assertion of misused copyrighted materials can alarm even the most informed techies and business owners. You may have even begun to scour your own websites in search of images or media that warrant the claim. But fear not, receiving such an email is red flag number one, as any valid claim is served and upheld by lawyers and legal professionals, not an email submission form from your website or spam inbox.
The email you received will likely direct you with a link to examine the content believed to be unlawfully used. This is your red flag number two, as this link is likely a pathway to malware or harmful materials used to hijack your information. Always refrain from the impulse to click these links if you’re ever uncertain of the source. Your online security is worth more than the cost of curiosity.
How can I avoid the constant spam and phishing scams?
Unfortunately, we’ll likely always be plagued by some form of spam, scam, or scheme wherever a quick buck can be made. This isn’t to say, however, that protections don’t exist to deter the onslaught of fraudulent activity across the web.
Our services offer domain renewals, management, and spam filtering services along with our web development and SEO expertise. We even supply software to detect and remove suspicious behaviors from online submissions.
Built-in to our Umbraco content management system (CMS) and digital marketing services comes Akismet, a spam-filtering service capable of detecting and deterring spam-based comments, emails, and submission form messages. Many of our clients have agreed the few extra dollars a month for a licensed version has provided peace of mind, while alleviating hundreds of fraudulent emails a month.
Features like Akismet, and the ability to detect phishing scams when they arise, can help keep your information secure and discrete. If you’re ever uncertain of the content you’ve received, don’t click the link! Give us a call for an assessment on how we can provide the security and management your website deserves.