A few weeks ago I happened to glance at my email notifications pretty late at night (unlike many web devs I don’t typically work past 5 pm) and saw a notification from a client titled !!URGENT!!.
She had received an email from someone who claimed to own her domain name. The email said she must send money (right now!) or the domain would expire and she would lose the domain name she had owned for over 10 years.
It was a scam. I reminded her where her domain was registered and doublechecked to make sure it was not going to expire and that she was safe on all fronts.
Thankfully she didn’t click the link inside the email.
Many of these scams bring you to a page where they steal your info after you fill out a form or give them personal info, but some of them are straight up phishing links that can infect your device with a simple click.
Other emails or attempts at scamming are designed to take control of an online asset or to scare you into making a payment that you are not required to make.
Common Scam Emails you may receive about your website or digital marketing
This story is not new. I often get emails from clients asking if the email they received is legitimate. These emails are used as attack “lures” and can often be very hard to spot.
If you are the holder of a business email domain ([email protected]) your email is easy to find and associate with your business name, so you can be targeted by scammers trying to get you to let your guard down in a vulnerable moment.
There are too many of these email lures to list all of them, but here are a few so that you can get an idea of what they may look like and the sophistication behind them.
Below is a copy of an email a client received through their email. (the links have been removed and the website name has been redacted)
Why do you use my images for [domen] without my consent! It’s illegal! It violates my rights! You must delete images NOW!!!!!
This is Melina and I am a qualified illustrator.
I was discouraged, to put it nicely, when I came across my images at your web-site. If you use a copyrighted image without my approval, you should be aware that you could be sued by the copyrigh owner.
It’s illegal to use stolen images and it’s so disgusting!
Take a look at this document with the links to my images you used at [Website URL] and my earlier publications to obtain evidence of my legal copyrights.
Download it now and check this out for yourself:
[live link has been removed for your safety]
If you don’t delete the images mentioned in the document above within the next few days, I’ll write a complaint against you to your hosting provider stating that my copyrights have been infringed and I am trying to protect my intellectual property.
And if it doesn’t work, you may be pretty damn sure I am going to report and sue you! And I will not bother myself to let you know of it in advance.
Copyright infringement is a big matter and should never be taken lightly. You should always make sure you are using royalty free, purchased imagery on your site and in your content (that is for another blog) but even if you are 100% sure you are in the clear, this email could seem scary.
If you made a mistake, or your web designer didn’t source their imaging properly, you could be looking at $1,000s of dollars in fines.
A few days later another client received the exact same email but with a different email address ([email protected]) and name.
Here is another one that supposedly came from Facebook
From: Facebook Support <[email protected]>
Date: Tue, Jan 26, 2021 at 1:26 PM
Subject: Facebook Support
To: <client email removed for privacy>
We’ve removed or disabled access to content that you posted to Facebook for the following reason:
We received a report from a third party that the content you posted infringes or otherwise violates their rights.
Accordingly, your account has been repeating these actions this means your Facebook Account will be disabled and Page will be removed.
If you believe these reports are not being made in good faith or are inaccurate please appeal below:
[live link has been removed for your safety]
In a case like this you can easily see that the “from” email is not a Facebook email address. If you receive an email like this, please report it to Facebook by forwarding the email to here: [email protected].
Snail Mail Scam Attempt
I have another client that received a bill in the mail from “Domain Authority” Requesting immediate payment of $300 or they would lose access to their domain.
Domain scare tactics are very popular and often people have them auto renew and just don’t really remember who they are listed with.
I recommend always keeping a secure folder in your Google Drive or a written notebook with your important digital asset information such as:
- Who is your domain registered with and what is the password to access?
- Who is your web host?
- How do you access the backend of your website? What are your passwords and what CMS do you use?
- Any login access to any digital access platform including social media accounts, email marketing platforms, website access, google accounts, payment gateways, form solutions, etc.
Google My Business Takeover
This one is different because it is not exactly a “scam” in that you will not inject malware or have your info stolen by clicking on the link. But there has been an increase in the attempts to take over other companies’ online assets and hold them for ransom.
For example, I had two clients recently receive the following emails from Google My Business:
Anyone can go to a business location on Google maps and attempt to “claim” the business as their own.
Google will send a letter to the original email that holds the account but if you do not jump on this quickly enough you can actually lose access to your business account listing.
If this happens to you:
- Immediately click the review button
- DENY the request
- Write down the information and take a screenshot.
- You then need to report the scam attempt to Google so that they are aware. Go here to make a report https://support.google.com/business/contact/gmb_3p_complaints
Private Life Blackmail
Sometimes an email really just seems “phishy”. But just in case you may be one that worries about every one that comes through your inbox always run away from emails that looks like the following (this email was sent “from” the client’s email address):
Have you recently noticed that I have e-mailed you from your account?
Yes, this simply means that I have total access to your device.
For the last couple of months, I have been watching you.
Still wondering how is that possible? Well, you have been infected with malware originating from an adult website that you visited. You may not be familiar with this, but I will try explaining it to you.
With help of the Trojan Virus, I have complete access to a PC or any other device.
This simply means I can see you at any time I wish to on your screen by simply turning on your camera and microphone, without you even noticing it. In addition, I have also got access to your contacts list and all your correspondence.
You may be asking yourself, “But my PC has an active antivirus, how is this even possible? Why didn’t I receive any notification?” Well, the answer is simple: my malware uses drivers, where I update the signatures every four hours, making it undetectable, and hence keeping your antivirus silent.
I have a video of you wanking on the left screen, and on the right screen – the video you were watching while masturbating.
Wondering how bad could this get? With just a single click of my mouse, this video can be sent to all your social networks, and e-mail contacts.
I can also share access to all your e-mail correspondence and messengers that you use.
All you have to do to prevent this from happening is – transfer bitcoins worth $1450 (USD) to my Bitcoin address (if you have no idea how to do this, you can open your browser and simply search: “Buy Bitcoin”).
My bitcoin address (BTC Wallet) is: 1FbN9mgTzppSUGRgBs1o7N8FpPQVfoRrKd
After receiving a confirmation of your payment, I will delete the video right away, and that’s it, you will never hear from me again.
You have 2 days (48 hours) to complete this transaction.
Once you open this e-mail, I will receive a notification, and my timer will start ticking.
Any attempt to file a complaint will not result in anything, since this e-mail cannot be traced back, same as my bitcoin id.
I have been working on this for a very long time by now; I do not give any chance for a mistake.
If, by any chance I find out that you have shared this message with anybody else, I will broadcast your video as mentioned above.
There are so many more of these examples that we could cover here.
According to the FBI, phishing was the most common type of cybercrime in 2020—and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019, to 241,324 incidents in 2020.
So let’s move on and figure out how to spot a fake email so that you don’t get caught in their net.
How to spot a scam email
Phishing emails have become way more sophisticated than they used to be. While 2-3 years ago hackers would send large amounts of the same email to mass groups of people, they have become more targeted in the last 2 years, sending smaller amounts of emails that are personally to their ideal “target”. If you want to learn more about all the types of phishing scams out there, here is a great article about it (with examples).
But when an email lands in your inbox, you just want to know if it is legitimate right? Well there are some tips to help you figure that out without getting in too much trouble.
- Check for misspelling. Go back to the examples I gave above and check the number of misspellings in the copyright email.
- Check for poor grammar (remember the old Nigerian millionaire who didn’t speak English on Craigslist?)
- Who is the “from” email? If you are getting a legitimate email from Facebook, they will have an @facebook email address. The same goes for most of these businesses. If you are receiving an email that looks like: su[email protected], has a @hotmail or other spam email domain, is a bunch of random letters and numbers or comes from YOU. It is most likely spam.
- Extreme subject lines. A subject line that reads “Payment is Urgent!!”, or “Attention, credentials needed” should be immediately trashed according to a recent study.
- Investigate the problem. When I am stumped but it doesn’t feel right, I go to Google. Copy and paste in the subject line, email address, or even the body of the email and most likely you will find that you are not the only one with the same problem.
- Trust your gut. Obviously, we all make mistakes but if someone is going to send you a cease and desist letter because you are using their images on your website, it will be delivered by a process server or through a lawyer. If it seems weird, it probably is.
Analysis of real-world phishing emails revealed these to be the most common subject lines in Q4, 2020:
- IT: Annual Asset Inventory
- Changes to your health benefits
- Twitter: Security alert: new or unusual Twitter login
- Amazon: Action Required | Your Amazon Prime Membership has been declined
- Zoom: Scheduled Meeting Error
- Google Pay: Payment sent
- Stimulus Cancellation Request Approved
- Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
- RingCentral is coming!
- Workday: Reminder: Important Security Upgrade Required
What to do now?
Businesses understand that scams are a problem and so most big businesses will not request personal information via an email or other non-secure way of communication. Here are some tips if you get a spam email.
- Just like you should never respond to a text message telling you you won $1,000,000, don’t send banking info or your SSN to anyone you don’t know.
- Always report the scam. Many companies like Facebook and Google are attempting to shut down impersonators and other big businesses need to know if there are potential scammers using their name. It only takes a few minutes and can potentially help other people.
- If you do receive an email or other form of communication that seems off, don’t click the links! Do a little research or reach out to someone who may know.
- If you do click a link and are taken to a page that is asking for more information, think twice. If the request is from your bank, give them a call. Or reach out via email to a corporation (you can find many contact emails online). If you are worried about a potential lawsuit and can’t seem to shake the angst, forward them to an attorney who may be able to help.
Lastly, if you do click a link that you think or know was a phishing link there are a few steps that you can take to immediately do damage control. I would suggest that you always have a backup of your device stored somewhere in case of an emergency.
- Do not enter any data in the new screen
- Immediately disconnect from the internet
- Backup your device
- Scan your device with a good antivirus software
- Now comes the fun part. Change login credentials for anything that may contain sensitive information or may have been affected.
- If you were on a shared network (like your home wi-fi) run a scan on the other devices that were connected at the time of the click.
- Monitor your device, your bank accounts or anything else you may be worried about.
Every day people keep coming up with more devious ways to secure your private information or install malware on your device. And why wouldn’t they? Even the least tech-savvy among us stores passwords, credit card and banking information, contact numbers, personal information, and basically our whole lives on our devices. Making sure you are keeping yourself, and your information safe is important!
Could You Use Some Help Navigating the Digital World?
So what about you…have you encountered these scam emails yet?
Do you have someone in your corner to help you navigate all things digital?
How would it feel to have a hands-on guide to help you navigate the crucial steps of your business? Schedule a free session on the calendar below to talk about how coaching can help you achieve your business dreams.