Email scams continue to pose significant risks to online data, finances, and accounts. This article discusses the elements involved, the top email scams of the year, and the practices that cybercriminals are using for evolved email scams. It also shares key statistics for email and phishing scams and how to avoid all email scams.
Email scams continued to evolve through 2022, adopting more sophisticated methods to deceive victims than ever before. Everyone thinks they cannot get scammed, and then they find themselves caught in a scam. Long gone are the days when email scams simply dangled financial opportunities and lottery winnings and asked for your bank credentials directly.
Today, email scams come with automated responses and bespoke descriptions to appear genuine and are not easily recognized. Let us take you through the changing scenario of email scams and how to stay safe from email scams in 2022.
Here are the latest email scam statistics to help you understand how dangerous this new threat is.
- LinkedIn is the most phished brand worldwide at 52%, followed by DHL, Google, and Microsoft, according to CheckPoint Security.
- Phishing is the most common cybercrime in the United States, with 323,972 victims in 2021.
- Most email spam originates in Russia, followed by Germany, the United States, and China.
- Over 80% of global organizations experienced phishing scams in 2021.
The Human Aspect
Ever since the “Nigerian Prince” scams took the email world by storm, asking everyone to reveal critical banking information to claim royal treasure left to them by the Prince of Nigeria, the human tendency to succumb to such financial opportunities has been a target for scammers. Cybercriminals have taken up social engineering to exploit these tendencies.
Studies like “Obedience to Authority” reveal how likely employees are to compromise their personal information if they receive a direct order from an authoritative figure. Individuals tend to respond to emails from identities higher up in the chain of command. Email scammers use this knowledge, combining social engineering tactics with advanced automated technologies to deliver emails that impersonate organizations and individuals so that victims divulge their critical data. These evolved email scams are built with such attention to details and specifics that individuals do not realize they are getting scammed.
The Latest Email Scams of the Year
The basic idea behind popular email scams remains the same. However, the way they are planned and executed has drastically changed.
- Phishing Scams: Phishing remains the most critical cybercrime, allowing threat actors to deliver malware, harvest login credentials, and steal personal information. However, phishing emails do not come with a simple link these days.
Cybercriminals enhance the effectiveness of their phishing emails by impersonating organizations and contacting the victim through additional sources. One of the most popular stories of this year was the CrowdStrike phishing email, where the threat actors reached out to victims by posing as prominent security vendors, asking them to contact a number to address potential compromises in their networks.
Once they called, the scam artist guided them to download a malware package disguised as a security patch. But this is not all; cybercriminals have also been employing automated tools, QR codes for payments, and phishing-as-a-service models for phishing website templates and malicious activities.
- Cryptocurrency Scams: With their unregulated structure, cryptocurrencies are on the radar of cybercriminals and email scammers. 2022 saw many individuals scammed out of their crypto holdings via phishing and other scams. Scammers may present romance schemes or financial and investment scams, or pose as official organizations. They offer discounts on crypto payments or demand crypto ransoms directly, scamming innocent victims out of their cryptocurrency holdings. With over 300 million crypto users worldwide, these cryptocurrency phishing scams are most likely to grow.
What Makes New Email Scams More Dangerous?
The new email scams and phishing campaigns are noteworthy because they involve threat actors and automated technologies misusing social information available on the Internet. The three most important aspects are:
Tailored experiences on websites, social media applications, and more have created hype amongst everyone, easing their work and enhancing their experience. But as people share more personal information, email scammers have also taken to crafting their scam messages to fit the target.
Threat actors scour social media applications, business profiles, and any critical information they can find to prepare a personalized email or phishing campaign. For example, you may receive an email with a lucrative business opportunity following changes to your job description. Tailored email scams are nearly impossible to detect since legitimate organizations also usually send emails containing personal information. Individuals do not pay attention while interacting with such emails because they assume the emails are authentic.
Deep learning and deepfakes have also made their way into phishing and email scam campaigns. A study involving 200 individuals receiving emails generated by both humans and deep learning models revealed that the emails crafted by the AI model, GPT-3, performed better than their human counterparts, getting more clicks on the links contained in them.
Furthermore, deepfakes, i.e., the generation of fake audio or video messages impersonating C-Suite employees, could also be used to deliver fake or malicious orders to employees. Automated tools for detecting phishing and scam emails are already available. However, these same tools are used by cybercriminals and threat actors dealing in AI-as-a-service models, allowing them to create emails with artificial intelligence.
Impersonating top brands and services is another tactic that threat actors favor. A large volume of email scams and phishing scams in 2022 has involved the impersonation of top brands. Vadesecure’s report highlighted how Facebook and Microsoft are the most impersonated brands of 2021. Furthermore, among the various industries, malicious actors impersonate financial services, social media, and cloud services the most.
How to Stay Safe from Email Scams in 2022?
With continuously evolving email threats and scams, one needs to learn to protect against such scams.
- Email scams employ impersonation, so you should double-check invoices, discontinuation of services, and other prompt messages with the organization directly.
- Avoid opening attachments without scanning them, and avoid links that appear suspicious. Phishing links are easily spotted as they are disguised as tiny URLs (Uniform Resource Locators), and fake web pages generally contain grammatical errors.
- Organizations should provide employees with phishing awareness training, and individuals should keep up to date with the latest email scams so they can identify them.
- Protect your network and computer system using security software and invest in an automated service or tool for email spam detection.
- Utilize MFA (Multi-Factor Authentication) as an added layer of protection for your accounts so cybercriminals cannot access them even if your credentials are compromised.
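The impersonation and tiny-URL checks from the list above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags messages whose display name invokes a brand the article lists while the sender address sits on another domain, and links that pass through a URL shortener. The brand-to-domain map, the shortener list, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative brand -> legitimate sending domains; maintain your own list.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}, "dhl": {"dhl.com"},
                 "google": {"google.com"}, "microsoft": {"microsoft.com"}}
# Assumption: a small sample of link-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r'https?://[^\s<>"]+')

def in_domain(host, domain):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return host == domain or host.endswith("." + domain)

def triage(raw_message):
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2].lower()
    findings = []
    # Check 1: display name invokes a brand, but the address is not on its domains.
    for brand, domains in BRAND_DOMAINS.items():
        claims_brand = re.search(rf"\b{brand}\b", display_name.lower())
        if claims_brand and not any(in_domain(sender_host, d) for d in domains):
            findings.append(f"display name claims {brand} but sender is {sender_host}")
    # Check 2: links through shorteners hide the real destination.
    # Only non-multipart text payloads are read; encoded parts are not decoded here.
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link: {host}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "LinkedIn Security" <alerts@linkedin-mail.example>\n'
           "Subject: Your account will be closed\n\n"
           "Confirm your identity: https://tinyurl.com/constructed-sample\n")
LEGIT = ('From: "LinkedIn" <messages-noreply@linkedin.com>\n'
         "Subject: You have a new connection\n\n"
         "View it at https://www.linkedin.com/feed/\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, triage(raw))
```

The From header is not authenticated, so a matching domain here does not prove a message is genuine; that is the job of SPF, DKIM, and DMARC checks at the mail gateway.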
Emails serve as the most common mode of communication in the corporate world. As such, email scams and phishing pose a huge threat to the protection of both organizations and individuals. The danger of malicious actors boosting the credibility of fake emails using artificial intelligence and personalized messages is an issue one cannot afford to ignore today. Merely following basic cyber hygiene tips, such as prioritizing double-checking of resources, MFA, and data privacy, goes a long way in helping you avoid becoming a victim of evolving email scams.