Email scams are not new. However, cybercriminals now have access to artificial intelligence (AI) that makes their jobs easier. Unfortunately, their job is to steal our data, money and livelihoods.
As a result, we need to step up our defense.
John Joyce, co-owner at CRS Technology Consultants, had an opportunity to discuss the surge in email scams being driven by AI on a recent Tech Bytes segment on ABC7.
“Cybercriminals have access to the latest technology in their arsenal of tools, and we need to stay one step ahead of them,” John says. “Antivirus programs and firewalls work great, but our best defense is education. We need to make their jobs more difficult.”
Email spam vs. email scams
Email emerged as a viable form of communication during the 1990s, but spam actually pre-dates email.
“We’ve been getting stuff in our physical mailboxes that we didn’t ask for, didn’t want, trying to sell us something, as long as there has been mail,” John says. “That just translated to email over the years and now our inboxes fill up with – not dangerous – but just junk that we didn’t want. That’s just spam. They’re not malicious. It’s not there to do anything harmful.”
So what are these messages?
“They’re just advertising at the end of the day,” John continues. “It’s still annoying, but not going to hurt anything.”
The messages we need to worry about, he says, are email scams.
“Scam messages, or phishing, are inherently bad things,” John says. “They’re either trying to steal information from you, trying to deliver a dangerous payload like malware or a virus. These are dangerous things, or someone is after something.”
Because of antivirus programs, malware coming through email attachments isn’t as prevalent today. However, phishing attempts have surged. Cybercriminals are asking people to hand over their login credentials, bank account numbers and other personal data… and they’re doing it.
Identifying email scams
The first email scams were more obvious to identify.
“Once upon a time, it was typically a very poorly formatted email or the English would just be off enough to tell that something wasn’t quite right,” John says. “There would be tell-tales.”
Then, cybercriminals, many of whom live in other countries and are not native English speakers, began using Google Translate. This helped, but Google Translate still churned out copy that wasn’t perfect.
“Now with AI tools, not only is that correcting for grammatical and formatting issues, they are also scraping your Facebook page or other social media, feeding AI the information that you have given the internet about yourself and using it to craft a message that might just catch you at the wrong moment,” John says. “Is this really my bank reaching out? Is there a problem with my Amazon account? Do I need to send my grandma an Amazon gift card because it’s an emergency? We’ve seen it all.”
AI combs the internet, including social media and your company’s website. That’s how it knows your friends, your hobbies, your line of work and even political preferences based on what has been posted online.
Targets of email scams
Cybercriminals are trying to outsmart us. We have to flip the tables.
Regular people – the nonmillionaires among us – often assume cybercriminals only target wealthy individuals and companies with big bank accounts. They aren’t necessarily trying to hack into an investment bank or Fortune 500 company. Rather, they cast a wide net.
“They might not score $1 million for one person, but if they can get $100 from 1 million people, that can still be meaningful and impactful,” John says.
In an era when many people work from home and have remote access to the company’s data and server, even entry-level employees are the target of cybercriminals.
Tips to outsmart cybercriminals
There is a saying: You have to slow down to speed up. That means before opening an email, clicking on an attachment or entering data, stop and think – is this legitimate?
Questions to ask before opening an email include:
- Do you know the sender?
- Am I expecting an email from the sender?
- Have I subscribed to receive emails from this sender?
- Does it look like other emails I have received from this sender?
- Does the sender’s name match the sender’s email address?
- Does the email include a signature at the bottom?
Never click on a link or open a document unless you are 100% certain the email is authentic. Scammers are portraying companies we know and likely use. Cybercriminals are creating emails that look like they’re from Amazon or eBay, for example, and they want you to verify a purchase. Of course, you didn’t make that purchase, but to dispute the charge, you enter your login information and inadvertently just handed over the digital keys to your account. Many of these email scams contain the actual company logo, legal disclaimers and even the same font as real emails.
One recent trend is “spear-phishing.” This is when scammers target a specific business or organization. The email often comes as a request from the boss or a client, asking you to:
- Buy gift cards and send the card number and pin.
- Click the link to read what looks like a news story.
- Open this document and proof the copy.
Scammers are even creating fake invoices that appear to be from your real clients, customers and business partners. Always verify every transaction.
“At the end of the day, if you’re that suspicious, pick up the dusty phone next to you, make a call and say, ‘Hey, did you send this to me?’” John says. “That can save a lot of headaches, and in a business sense, can save a company.”
READ MORE: Tech Resources
