Recognizing and Avoiding Email Scams
US-CERT
Summary
Email provides us a convenient and powerful communications tool. Unfortunately, it also
provides scammers and other malicious individuals an easy means for luring potential victims.
The scams they attempt run from old-fashioned bait-and-switch operations to phishing schemes
using a combination of email and bogus web sites to trick victims into divulging sensitive
information. To protect yourself from these scams, you should understand what they are, what
they look like, how they work, and what you can do to avoid them. The following
recommendations can minimize your chances of falling victim to an email scam:
• Filter spam.
• Don’t trust unsolicited email.
• Treat email attachments with caution.
• Don’t click links in email messages.
• Install antivirus software and keep it up to date.
• Install a personal firewall and keep it up to date.
• Configure your email client for security.
These recommendations are explained in the section “What You Can Do to Avoid Becoming a
Victim.” Ignoring them may leave you vulnerable to identity theft, information theft, the abuse of
your computer for illegal activity, the receipt of bogus or illegal merchandise, and financial loss.
Recognizing Email Scams
Unsolicited commercial email, or “spam,” is the starting point for many email scams. Before the
advent of email, a scammer had to contact each potential victim individually by post, fax,
telephone, or through direct personal contact. These methods would often require a significant
investment in time and money. To improve the chances of contacting susceptible victims, the
scammer might have had to do advance research on the “marks” he or she targeted.
Email has changed the game for scammers. The convenience and anonymity of email, along with
the capability it provides for easily contacting thousands of people at once, enable scammers to
work in volume. Scammers only need to fool a small percentage of the tens of thousands of
people