Internet Safety
Email Tips for Scams and Spam
Email scams
Many spam emails aren't trying to sell you something—they're trying to steal your money or personal information. Email scams come in many different forms, but generally they work by promising you something that's too good to be true or by making you think something bad will happen if you do not act. Popular email scams include work-at-home offers, weight-loss claims, debt-relief programs, and cure-all products.
Advance-fee fraud
Have you ever seen an email or classified ad (for example, on Craigslist) promising you something if you advance a certain amount of money? The word for this is advance-fee fraud. It's different from other email scams because it involves corresponding with an actual person—someone who is trying to trick or mislead you by sharing their "personal story," which is almost always false.
One of the most notorious examples of advance-fee fraud is the Nigerian letter scam. To learn more, read this article from the Better Business Bureau: The Nigerian Prince: Old Scam, New Twist.
Phishing
Phishing is a type of scam in which an email pretends to be from a bank or another trusted source in order to trick you into handing over your personal information. Scammers can use this information to withdraw money from your bank account or steal your identity. A phishing email will often have a sense of urgency. For example, it may claim that "unauthorized charges" were made on your credit card and that you need to immediately verify your information.
Click the buttons in the interactive below to learn how to identify a phishing email.
Action Required!
Scammers often try to make us think that not taking urgent action will result in something unwanted, such as a freeze on our bank account.
Trust your instincts. If an email from your bank is out of the ordinary, give them a call.
Misleading Link Names
Whenever you see a link, it might be helpful to think of it as a mask or a costume. What's underneath--the web address--is what counts.
Just because this link says www.bankofamerica.com, does not mean that is where it has to take us. The link could be set to take us to any page on the internet--and that's why you never want to click on links from untrusted or suspicious sources.
When in doubt, type the web address into your browser yourself. That way, you know exactly where you are going.
Logo Fraud
If this looks identical to Bank of America's official logo to you, that's because it is simply a copy or screenshot of their logo taken from their webpage.
Keep in mind that it is easy to make an unauthorized copy of any logo.
Concerned Subject Line
Fraudulent emails often have Subject lines that look important and appear to show concern for your safety. And who wouldn't be concerned about an alert on their bank account!
Here are just a few examples of Subject lines that have been used on fraudulent emails.
• Message Alert - You Have 1 Important Message
• Important Online Banking Settings Have Been Changed
• New Privacy Program (May 2010)
• Unauthorized Login Access Denied
• Bank of America Security Update
• Your Bank of America Account has been compromised
• Email Verification Required
Deceptive Addresses
Scammers often create websites and email addresses that are slight variations of familiar, authentic material.
Look closely at this address, and notice that it is bankofamercan.com, with an added "n".
A scammer can place any address they want in the from field, so sometimes the email will appear to be totally authentic (this is known as email spoofing). That means you cannot always rely on the from field to tell whether the email is from a legitimate source.
Not all phishing emails claim to be from big companies. A scammer may also hack into an individual's account and send phishing emails to the person's friends, asking for money or personal info. So if you get an email from a friend asking for sensitive information, it's best to call the friend and verify that the request is really from them before you send it.
Additional tips and resources
- Don't follow the link. It's easy for an email to use the logo from a legitimate company in order to look "official," but any link you click could take you to a shady site. Always type in the web address or click on one of your own bookmarks to go to your bank or other trusted websites.
- Report scams and spam. Some email service providers have a "This is Spam" button or another method for reporting spam. You can also contact the company being misrepresented and report the spam. Another option is to email a report of the spam to the Federal Trade Commission at spam@uce.gov.
- Get more information and learn about specific scams by visiting the Federal Trade Commission's Scam Alerts and OnGuardOnline.gov's Phishing page.