’Tis the season to be worried—at least when it comes to the alarming rise in attacks targeting Gmail, Outlook, Apple Mail and other email users. So, little surprise that the FBI has launched a new campaign warning email users how to stay safe. The only trickster you should see this holiday season, the bureau says, is the Naughty Elf.
“Scammers,” the FBI warns, “often offer too-good-to-be-true deals via phishing emails or ads. Such schemes may offer brand-name merchandise at extremely low prices, offer gift cards as an incentive, or offer products at a great price, but the product you receive is different than ordered.”
Their advice drills down to three key things to check for with every unsolicited email that arrives in your inbox before you click your way into trouble: Check the sender’s email address; check any URL before you click or certainly before you engage; and check the spelling and grammar of the email itself, as well as the URL.
We have seen a surge in phishing and fraudulent web domains this holiday season, with all threats on the rise. Aided by AI, it’s now easier for attackers to create compelling emails and websites, mimicking logos and other product imagery, even polishing their copy to make it more convincing, with fewer mistakes.
The best advice remains to ignore marketing emails—especially when holiday season research suggests most of these are now either scams, fraud or worse. If you see an offer you like, navigate through to it by accessing the website directly or using a search engine, although you also need to watch for SEO poisoning in search results. It has become a more dangerous online world than ever, and you really do need to be careful.
All that said, the FBI’s phishing attack advice hasn’t changed:
- “Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
- Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.”
Google’s Gmail team has just issued its own advice, warning that “since mid-November, we’ve seen a massive surge in email traffic compared to previous months, making protecting inboxes an even greater challenge than normal.”
The team says it “blocks more than 99.9% of spam, phishing and malware in Gmail” for the platform’s more than 2.5 billion users. While security has improved, the company has issued its own advice for users:
- “Slow it down. Scams are often designed to create a sense of urgency, and often use terms like ‘urgent, immediate, deactivate, unauthorized, etc.’ Take time to ask questions and think it through.
- Spot check. Do your research to double-check the details of an email. Does what it’s saying make sense? Can you validate the email address of the sender?
- Stop! Don’t send. No reputable person or agency will ever demand payment or your personal information on the spot.
- Report it. If you see something suspicious, mark it as spam. You’ll be making your Inbox cleaner and helping billions of others too.”
But it’s the FBI’s simplest message that remains its best: “If it looks like it’s too good to be true, that’s because it is.”