Module 2: Common Email Scams

Introduction to Email Scams

Email is a favorite tool for scammers because it’s easy to reach many people at once and messages can look very convincing. Scammers constantly update their tricks to make their emails seem real. In this module, you’ll learn how to spot suspicious emails and keep yourself safe from email scams.

The Anatomy of a Suspicious Email

Before we look at specific types of email scams, let's understand the common elements that can help you identify a suspicious email:

Key Parts of an Email to Check:

  1. Sender's Email Address - May look similar to a legitimate company but with slight differences
  2. Subject Line - Often creates urgency or curiosity
  3. Greeting - Often generic ("Dear Customer") instead of your name, though a scam email may also include your name
  4. Message Content - May contain spelling/grammar errors or unusual phrasing
  5. Links - Hover (don't click) to see where they actually lead
  6. Attachments - Could contain malware
  7. Footer - May be missing standard company information

Common Email Scam Types

1. Phishing Emails

Phishing emails pretend to be from trusted organizations like your bank, credit card company, or a government agency. They try to trick you into revealing personal information or clicking on dangerous links.

Example: Bank Phishing Email

From: security@bankofamerica-secure.com (note: you can tell it's not real because instead of bankofamerica.com, it has '-secure' added to the real bank's name)

Subject: URGENT: Your Account Has Been Suspended

Message:

Dear Valued Customer,

We have detected unusual activity on your account. Your account has been temporarily suspended for your protection. To restore access, please verify your information immediately by clicking the link below:

[Verify Account Now]

If you do not verify within 24 hours, your account will be permanently closed.

Thank you,
Bank of America Security Team

Red Flags in This Example:

  • The sender's email address is not from the official bank domain (bankofamerica.com)
  • Creates false urgency with threats of account closure
  • Generic greeting instead of using your name
  • Asks you to click a link instead of contacting the bank directly
  • Poor formatting and unprofessional appearance

2. Account Verification Scams

These emails claim there's a problem with one of your online accounts (Amazon, Netflix, Apple, etc.) and ask you to "verify" your account by providing personal information.

Example: Amazon Account Verification Scam

From: amazon-support@customer-service.net (not the real Amazon)

Subject: Your Amazon order cannot be shipped

Message:

Dear Amazon Customer,

We were unable to process your recent order due to a problem with your payment information. Please update your payment details by clicking the link below to ensure your package can be shipped.

[Update Payment Information]

If we do not receive updated information within 48 hours, your order will be canceled.

Amazon Customer Service

How to Protect Yourself:

  • Never click links in emails asking for account verification
  • Instead, open your web browser and type the company's website address yourself
  • Log in to your account directly to check if there are any real issues
  • Or call the company using the phone number from their official website (not from the email)

3. Tech Support Scams

These emails claim to be from Microsoft, Apple, or other tech companies, warning that your computer has a virus or security problem that needs immediate attention.

Example: Tech Support Scam Email

From: microsoft-security@tech-support-team.com (not the real Microsoft)

Subject: CRITICAL ALERT: Your Computer is Infected with Malware

Message:

ATTENTION MICROSOFT WINDOWS USER

Our security system has detected dangerous malware on your computer. Your personal information and banking details are at risk of being stolen.

You must take immediate action to remove this threat. Our Microsoft certified technicians can help you remove this malware remotely.

Call our support team immediately: 1-800-XXX-XXXX

Do not use your computer for online banking or shopping until this threat is removed.

Microsoft Security Team

Important Facts:

Microsoft, Apple, and other tech companies will never send unsolicited emails about viruses on your computer. They cannot detect viruses on your device remotely. These scammers want to gain remote access to your computer or sell you fake security software.

Red Flags in Email Messages

Here are key warning signs that an email might be a scam:

  • Urgency: "Act now," "Immediate action required," "24 hours only". Any time you are rushed to do something, pause and question its legitimacy.
  • Poor spelling and grammar: Professional organizations proofread their communications
  • Generic greetings: "Dear Customer" instead of your name
  • Suspicious sender address: Look carefully at the actual email address, not just the display name
  • Requests for personal information: Legitimate organizations rarely ask for sensitive information via email
  • Unexpected attachments: Be very cautious about opening attachments you weren't expecting
  • Too good to be true offers: Free gifts, huge discounts, unexpected winnings
  • Threats: Warnings about account closure or legal action if you don't respond
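
The following Python is an added example, not part of the original module: it applies the "suspicious sender address" check to the From lines of the three scam examples above. The amazon.com and microsoft.com entries, the two extra sample senders, and all function names are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Brand keyword -> official sending domain. bankofamerica.com is the domain the
# module names; the other two entries are assumptions added for this example.
OFFICIAL_DOMAINS = {
    "bankofamerica": "bankofamerica.com",
    "amazon": "amazon.com",
    "microsoft": "microsoft.com",
}


def _squash(text):
    """Lowercase and keep only letters and digits ('Bank of America' -> 'bankofamerica')."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def is_official(domain, official):
    """True for the official domain itself or a subdomain of it."""
    return domain == official or domain.endswith("." + official)


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    local, _, domain = address.lower().rpartition("@")
    warnings = []
    for brand, official in OFFICIAL_DOMAINS.items():
        if is_official(domain, official):
            continue
        if brand in _squash(domain):
            # Brand name embedded in a different domain, e.g. with '-secure' added.
            warnings.append(f"lookalike domain: {domain} is not {official}")
        elif brand in _squash(local) or brand in _squash(display):
            # Brand name only before the @ or in the display name.
            warnings.append(f"uses the name '{brand}' but is sent from {domain}")
    return warnings


# The first three senders are from the module's examples; the last two are constructed.
SAMPLES = [
    "security@bankofamerica-secure.com",
    "amazon-support@customer-service.net",
    "microsoft-security@tech-support-team.com",
    "Amazon <order-update@amazon.com>",
    "Microsoft Support <help@example.net>",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, "->", check_sender(sender) or "no sender warning")
```

An empty result only means the address is not a lookalike of a listed brand; it does not prove the email is genuine, so the other red flags still apply.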

How Legitimate Organizations Actually Communicate

Understanding how real companies communicate can help you spot fakes:

  • They don't create false urgency or threaten you
  • Legitimate companies address you by your actual name, not generic terms
  • They never ask for passwords via email
  • They provide contact information and don't pressure you to use only the links in their email
  • Financial institutions typically use secure message centers within their websites rather than sending sensitive information via email
  • Government agencies like the IRS typically communicate through postal mail for official matters, not email

Follow These Steps:

  1. Don't click any links or download any attachments. Even if it is a legitimate email, you can go to the company website directly yourself and log in to your account like you normally would. You should be able to access the same information there if it is legitimate.
  2. Don't reply to the email (this confirms your address is active)
  3. If you think it might be legitimate, contact the organization directly using their official website or phone number (not the one in the email)
  4. Delete the email or mark it as spam/junk
  5. If you've already clicked a link or provided information, change your passwords immediately and monitor your accounts for suspicious activity
  6. Call a family member or friend who knows technology well and ask them for advice
  7. Consider reporting the scam to authorities like the FTC at ReportFraud.ftc.gov