Data breaches are at an all-time high, placing your personal information—such as your name, email address or street address—at risk. If you've heard recent stories about data breaches in the news or have been notified directly that your personal information was fraudulently obtained, you may want to keep an eye out for any suspicious emails.
Much of the suspicious activity may come in the form of email scams, since most often email addresses are linked to personal information. With upwards of 2.8 million emails sent every second, and experts claiming 90% of these are spam or viruses, it's not always possible to fully protect yourself. But a little knowledge can go a long way toward protecting yourself once a data breach occurs. The first line of defense is to recognize the scams, then take steps to avoid them.
Here is a view into two of the most common ways scammers attempt to elicit money or personal information from you once your email has been compromised—spam and phishing—and then some tips on keeping your information safe.
Spam: It's not personal
Spam refers to the indiscriminate sending of unsolicited bulk messages (usually email) via an electronic messaging system. Spammers use low-cost electronic means to send large quantities of emails with commercial messages, hoping to hook a percentage of recipients with an offer or scam.
Tips to protect yourself from spam:
- Update your anti-virus software. Spam can carry viruses or malware (short for malicious software), including software called “key-loggers” that captures your keystrokes on your keyboard and sends it back to spammers. This is especially dangerous if bank account and other financial account log in information is captured. Your best line of defense is anti-spam or anti-virus software.
- Report it. You can help decrease the circulation of spam by forwarding spam emails to email@example.com and including the full header of the email and routing information. If everyone reported spam emails, we all would receive far less.
- Be wary of spectacular deals. If a deal you receive by email sounds too good to be true, it probably is. Spammers often create these deals simply to draw you further into sites laden with scams or phishing traps (see below).
- Scrutinize the details. Is your name spelled correctly? Does the email have strange spacing or other mistakes? If so, delete it. Spammers are growing in sophistication, but still choose quantity over quality.
- Consider an additional email address. If the amount of spam email you receive is making it difficult to tell the real from the fake, consider setting up a new email address to deal with your banks or other financial companies, or any other companies you share personal information with.
Phishing: Don't get hooked!
Phishing is a way cybercriminals try to obtain sensitive personal information such as passwords, usernames, and credit card details by masquerading as a trustworthy entity in an email or instant message.
Once scammers obtain your email address from a data breach, they can “phish” for ways to entice you to reveal passwords or other personal or financial information. This may come in the form of emails from companies you trust asking you to log in to protect or update your data. Instead, you are linked to a scammer's fake site and your identity and any information you reveal is captured.
Tips to avoid a phishing scam:
- Scrutinize links in an email. Point the mouse at the link to reveal the destination URL. If the URL looks wrong, leave the site and enter the real URL by hand. Be especially leery of messages warning of account problems from your bank.
- Know who you're dealing with. If a contact or company won't provide its name, street address, and telephone number, take your business elsewhere. If they do, consider trying the telephone number—phishing schemes seldom create a complete fake company.
- Don't feel pressured. Question any "act now" offers that pressure you to act on limited time or make sensational offers. These are red flags for scams that want to get you to click or enter your login information. Be especially wary of any email that asks you to update or provide your credit card number, password, or Social Security number.
- Go for the green. If you're using an updated browser (2009 versions and after), a green address bar means the site has been validated by an EV (Extended Validation) security certificate. This is one way to quickly screen website links in emails.
- Install a security suite. Most include effective phishing protection. Norton Internet Security and BitDefender Total Security rank high in comparison tests.
How to decrease your chances of your information being stolen
Cybercriminals use various means to hack into and steal information from databases that store email addresses and other personal information. If a data breach occurs and your email is fraudulently obtained, you can take steps to protect yourself. Once your email is obtained, scammers may use the tactics above to solicit purchases or sensitive information. Be cautious about how and where you share your email address and other personal information and decrease the ways it is shared by others.
Tips to keep your information safe:
- Leave the personal out of social. Be aware of the information you are sharing on the Internet. Social sites like Facebook, LinkedIn and MySpace pages enable you to decide what is shared with the general public. Share only what you wouldn't mind seeing in a database.
- Opt out of credit card offers. The more offers you respond to, the more your email is added to lists that can be breached. You can choose not to receive many offers at OptOutPreScreen, run by the consumer credit reporting industry.
- Decrease direct mail. Another way to decrease the offers you receive is by contacting the Direct Mail Association and opting out of promotional mail from its members. This applies to national mailers; local mailers must be contacted directly.
We all want to trust our email. Apply these tips to forge a new, safer online lifestyle.
If you do fall victim to an email fraud, report it to the Federal Trade Commission at www.ftc.gov. The FTC enters Internet, identity theft, and other fraud-related complaints into an online database accessible to civil and criminal law enforcement agencies around the world.