Emails containing sensitive information flood into inboxes year-round. Make sure your inbox is protected.
Learn how to recognize and avoid email scams and threats, and how to employ email security best practices.
Email threats can be divided into several distinct categories: viruses, worms and Trojans, spam and hoaxes, and phishing. Learn about each below.
Viruses: The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware, including true viruses. However, a virus is defined as a program which reproduces itself. It may attach to other executable programs, and it may create copies of itself (as in companion viruses). Viruses may contain a “payload” (what the virus is programmed to do) that performs other actions, often malicious. It may corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk. It may also degrade your computer’s performance by hogging memory or disk space. A virus requires user intervention to spread, whereas a worm spreads itself automatically.
Worms: A computer worm is a self-replicating malware program that uses a computer network to send copies of itself to other computers on the network without any user intervention. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
Trojans: A Trojan horse is a malicious software program disguised as something innocuous or desirable that, because of its unsuspicious nature, is downloaded from the internet, or received as an email attachment. Trojans work by carrying programs within the file you download that allow someone else to have complete and total access to your computer. Once unleashed, the Trojan often destroys the computer’s functionality, while allowing your computer to be used for nefarious reasons. Trojans enable hackers to open backdoors within your computer system, giving them unlimited access to any files on your computer system and even access to any networks you have installed. Trojans are much more difficult to remove than a virus.
Spam and Hoaxes: There is no safe haven from the deluge of spam that hits the inboxes of users around the world. Worldwide, 90% of spam is sent by an estimated five to six million spam-sending computers that have been compromised by cyber criminals. These computers are organized into automated robot networks, or botnets, and send an estimated 120 billion emails each day. Spammers use a wide variety of clever titles to get you to open emails, which they fill with all sorts of bad things. Email users often make the mistake of opening these emails. So please keep in mind:
- You have not won the Irish Lotto, the Yahoo Lottery, or any other big cash prize.
- There is no actual Nigerian King or Prince trying to send you $10 million.
- Your bank account details do not need to be reconfirmed immediately.
- You do not have an unclaimed inheritance.
- You have not won an iPad.
Email Phishing and Spoofing
Phishing is a form of manipulation perpetrated over digital communications like email. By sending out massive amounts of phishing emails, social engineers attempt to find a few gullible victims to get their hands on things like usernames, passwords and credit card details. They use email spoofing to masquerade as a trustworthy source in order to deceive people. In email spoofing, the email header is forged to make the message appear to come from someone or somewhere other than the actual source. They lure unsuspecting victims by making the email look as though it were sent from your bank, a popular social website, one of your personal friends, or just about any legitimate source.
The most common technique is to send an email to thousands of online users asking them to re-enter or update their personal information under the pretext that their “account is about to expire” or “multiple log-ins have been detected” or they’ve “just won the lottery.” The message often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. The fake website either collects the confidential information you enter, or it is riddled with malware that will infect your computer or smartphone.
Once your device is infected, cybercriminals can steal your personal details and login credentials by monitoring and intercepting your keystrokes or grabbing screenshots. Even worse, they can turn your computer into a robot to perpetrate their crimes, without you even knowing it.
Phishers are often very organized and connected. For example, they research social media profiles to gain intelligence about people they’re targeting. Their goal is to build highly-personalized “lures” that are likely to be opened and acted upon. They may go after one piece of information, such as an ATM card PIN, to correlate it later with existing information, such as the card number and CVV. Once they obtain what they’re looking for, they can quickly convert it into cash.
Recognizing Email Scams
Unfortunately, there isn’t one single way to distinguish a legitimate email from a fraudulent one, and new scams seem to appear every day. The single most important key to avoiding email scams is to not give sensitive information to anyone unless you can verify that they are who they claim to be, and that they have a legitimate need for access to the information. To help you spot an email phishing attack, ask yourself these questions:
- Who is the email from? Is the sender’s name or email address familiar to you? Does it use a webmail account like Hotmail when it claims to be from your bank?
- Is there a URL in the email? Where’s the hyperlink going to? When in doubt, don’t click on it! As a best practice, always type the site address into the browser yourself to ensure that the browser goes to the expected site.
- Is there a threat of immediate detrimental action if you don’t respond with personal information? A message demanding an immediate response deserves a good dose of skepticism.
- Does the email refer to a current news event? Large-scale catastrophes or the death of celebrities are quickly followed by a wave of phishing messages touting the same news events in their subject lines or email body. Phishers are hoping that overeager users will let their guard down and click on the links in their haste for more information.
- Does the tone of the email from friends or colleagues sound right? Filter the messages based on what you know of the purported sender(s) and how they typically write.
Other tips for how to recognize email scams include:
- The message is extremely alarming or contains threats of account closure.
- The message promises money for little or no effort.
- The deal outlined in the message sounds too good to be true.
- The message is a request to donate to a charitable organization.
- The message has bad grammar, misspellings or mismatched URLs.
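
The sender question, the hyperlink question and the "mismatched URLs" tip above can also be checked mechanically. The Python sketch below is an added example, not part of the original page; the webmail list, the brand-to-domain map and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions (not from the page): webmail list, brand map, sample message.
WEBMAIL = {"hotmail.com", "gmail.com", "yahoo.com", "outlook.com"}
BRANDS = {"example bank": "examplebank.example"}  # display-name keyword -> real domain
PRESSURE = ("account is about to expire", "multiple log-ins have been detected")

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, "".join(self.text).strip()))
            self.href = None

def host(url):  # hostname of a URL, with or without a scheme
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signals(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain, body, out = addr.rpartition("@")[2].lower(), msg.get_payload(), []
    for brand, real in BRANDS.items():  # who is the email really from?
        if brand in name.lower() and domain != real:
            kind = "webmail" if domain in WEBMAIL else "unrelated"
            out.append(f"sender: name claims '{brand}' but address is at {kind} domain {domain}")
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:  # where does the hyperlink really go?
        if "." in text and " " not in text and host(text) != host(href):
            out.append(f"link: text shows {host(text)} but href goes to {host(href)}")
    flat = " ".join(body.lower().split())  # pressure wording quoted on the page
    out += [f"pressure: '{p}'" for p in PRESSURE if p in flat]
    return out

SAMPLE = '''From: "Example Bank Security" <alerts.examplebank@hotmail.com>

<p>Your account is about to expire. Confirm your details at
<a href="http://secure-update.example.net/verify">www.examplebank.example/login</a>.</p>'''
print("\n".join(phishing_signals(SAMPLE)))
```

A message that trips none of these checks is not thereby proven legitimate; the checks only automate the questions listed above.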
Protecting Against Email Scams
Understand that no email communication is 100% secure, but we can do our best to bring the percentage close to that by following these guidelines:
- Protect your email address. Your email address is like your phone number, and exposing it online puts you at risk of being targeted by cyber criminals and spammers. Think twice before you use it, or use a disposable address that you don’t use much. Keep your real address private and only use it with your trusted contacts.
- Never reply to unsolicited emails. Acknowledging a spam email only validates your email address and can lead to more spam.
- Always avoid clicking on any hyperlinks contained in an unsolicited email, or opening any kind of file attached to such a message as these can be disguised and often serve only to confirm your existence to spammers or install malware onto your computer. Shortened hyperlinks from URL shortening services are popular online, but are also abused by spammers and may redirect your browser to a malicious website.
- Avoid downloading pictures in spam emails. These can be used to notify the spammer that the message has been opened. Many email applications allow you to turn off images except for those from trusted sources.
- Avoid scams and advance-fee fraud emails. If it seems too good to be true, it probably is – the only way you can ever win a lottery is by taking part.
- Be careful how much information you share about yourself on social networking sites and be careful who you add to your trusted circle of friends. Always make good use of the privacy controls on the social networking site in order to limit what others can see on your profile. It may take some time, but it is worth the effort.
- Treat with extreme caution any unsolicited email arriving in your inbox that purports to be about a major current news story – it is likely to be spam.
- Don’t use unsecured email accounts to send and receive sensitive information.
- Don’t send personal and financial information via email. Banks and online stores provide, almost without exception, a secured section on their website where you can input your personal and financial information. They do this precisely because email, no matter how well protected, is more easily hacked than well-secured sites. Consequently, you should avoid writing to your bank via email and consider suspect any online store that requests you send them private information via email.
- Encrypt your important emails. No matter how many steps you take to minimize the chance that your email is being monitored by hackers, you should always assume that someone else is watching whatever comes in and out of your computer. Given this assumption, it is important to encrypt your emails to make sure that if someone is monitoring your account, at least they can’t understand what you’re saying. Today, most reputable webmail service providers (Gmail, Hotmail, Yahoo!, etc.) offer free email encryption services.
Securing your email transmission is one step toward ensuring a safer and more enjoyable digital communication experience.
Recipient of an Email Scam
If you receive a fraudulent email, follow the steps below immediately:
- Don’t reply.
- Delete the email.
- Don’t click on any links or call any numbers provided in the message.
- Immediately call our Customer Care Center at 866.616.6020.
If you receive a suspicious phone call, text or email, contact Ameris Bank at 866.616.6020. Immediately contact Ameris Bank if you believe your personal information has been compromised. File a customer complaint with the FTC.