Never Trust and Always Verify: How to Avoid Getting Scammed Over Email

A scammer can make their emails look like they’re from your boss, a trusted retailer, or your best friend. Here’s how to stop them from stealing your identity.

Here’s a question: If you were suddenly locked out of your email accounts, how badly would that affect your ability to a) do your job, or b) live your everyday life? If you’re like most people, the answer is probably “really badly, so very badly indeed.”

Email accounts have become such a central hub of daily life and work that, of course, it’s one of the places that scammers target first. Whether it’s by sending you a phishing email or by guessing the answer to your (super easy to figure out) security question, there are numerous ways that scam artists can hack into your account and steal your identity.

Luckily, there are also steps you can take and pieces of advice you can heed in order to keep yourself safe from their nasty works. Here’s a quick and dirty guide to how you can identify, derail, and generally avoid emails scams.

Watch out for these 3 common email scams.

In order to keep yourself safe from email scams, you need to learn how to identify them. As wily as these scammers can be, most of their schemes tend to follow the same handful of plots. Here are three common types of email scams, courtesy of Justin Lavelle, a scams prevention expert and Chief Communications Officer at (@BeenVerified).

  1. Many hackers will use big names like PayPal and eBay in the “sent from” section of emails, so it is important to ignore unknown emails. If you open the email and aren’t sure of its validity, just click on the name in the “sent from” box to view the actual email address. Most times you’ll realize right away that it’s not actually a business email address from PayPal, eBay, or another well-known institution. If you don’t recognize the sender, your best bet is to not open the email period and never click on a link, attachment, or file within an email you’re unsure about. This is how hackers insert Malware on your computer and are able to access your personal information.”
  2. CEO Phishing Scam. This scam works as follows—a brief, casual email arrives from a top executive or even the CEO of the company from the correct email address, with nothing appearing out of sync. The request is for the recipient to wire money to a certain account or share some other sensitive company information, such as employee payroll data. The scam often works because it plays off of certain corporate cultures; fellow executives may be used to such informal and terse communications between one another, while a request from a CEO made to a more junior employee may not garner any questions out of a sense of obedience.”
  3. Business Email Compromise Scam. Similar to CEO Phishing scams, the Business Email Compromise Scam targets businesses working with foreign vendors or businesses that regularly perform wire-transfer payments. The fraudster emails a phishing document to an intended victim via the address of a legitimate supplier and asks him to change the wire transfer payments of paying invoices. Once the link in the email is clicked on, it downloads malware on the computer and allows the fraudster to gain unrestricted access to personal information, including financial account data and passwords.”

Trust no one. Seriously.

Steve Weisman is a lawyer, author, and identity theft expert. His Scamicide (@Scamicide) blog tracks all the latest developments in scams and provides resources to help users keep themselves safe. And when it comes to protecting yourself from an email scam, Weisman has a very catchy motto.

“My mantra for avoiding email scams is ‘trust me, you can’t trust anyone,’ says Weisman.  “A wide range of malware from ransomware to keystroke logging malware, which is used to steal personal information from your computer, is most often unwittingly downloaded by victims who click on links or download attachments in emails that appear to come from people, institutions, and companies that they trust.

“Often the emails containing the malware have been specifically crafted to appeal to us personally through social engineering, by which the scammer has gathered information about us to make the email more appealing and more trustworthy.”

“Often we are our own worst enemies by posting too much information about ourselves on social media, “ he continues, “thereby arming the scammer with personal information, such as our favorite band or television program that can be used to lure us to click on a link or download an attachment. In some instances, we may be responding to an email that actually is coming from one of our friends whose account has been hacked so we tend to trust it.

“Trust me, you can’t trust anyone.”

How to recognize a scam email.

Brandon Schroth is the Digital Manager for Gillware Data Recovery (@gwdatarecovery). He cautions that it’s not just individuals who need to watch out for email scams: “Organizations need to be prepared for malicious breaches and cyber attacks, many of which are delivered by way of email.”

According to Schroth, “fraudulent emails come in all shapes and sizes.” But he also has tips to help you easily identify them:

  • “If you receive an email where the ‘To’ field is left blank, it’s a clear signal that it didn’t come from the perceived sender.”
  • “When an email from a company has spelling errors or bad grammar, it should be another warning sign. Large companies have copywriters and editors who make sure email communications are grammatically correct.”
  • “Also, if the email begins with ‘Hello’ but doesn’t actually state your name, that’s another red flag.”
  • “When checking your email, stay suspicious and on alert. Often times a fraudulent email will try to scare you by saying something was stolen or that you’ve won a prize. Rather than clicking on links from your email, just go directly to the actual website and sign in how you normally would.”

Even if all those methods fail, there is one thing you can do to above else. According to Weisman, “You can start protecting yourself by never clicking on a link or downloading an attachment unless you have absolutely confirmed that it is legitimate.”

Install a security program.

Both Weisman and Schroth agree that you (and your employer) should use some kind of security program on your devices.

“You should also have some form of internet security installed,” says Schroth. “Norton AntiVirus or McAfee SiteAdvisor are two helpful tools that can prevent disaster in the event you do open a malicious email.”

Weisman goes on to provide an additional warning: Even the most recently updated security software is still probably lagging behind the best scammers.

“You also should have security software on all of your electronic devices including your phone and keep that security software up to date with the latest security patches,” says Weisman, “recognizing that regardless of how up to date your security software is, it will always be at least 30 days behind the latest scams using and exploiting previously undiscovered zero-day defects.”

Don’t re-use the same password.

We know. We know. It’s difficult enough remembering one password, let alone one dozen. Still, using the same password over and over again means that a scammer only has to get their hands on one of them in order to access all your personal and financial accounts. It may be a hassle, but it’s a hassle worth dealing with.

“Use a unique password for every account,” says Weisman, adding that it’s “not as difficult as it may appear.”

“You can start with a base password, such as IDon’tLikePasswords which combines capital letters, small letters and a symbol.  You can then strengthen it even further by adding a couple of symbols so it reads IDon’tLikePasswords!!!.

“Now you can adapt that base password with a few letters for each of your accounts.  For instance, your Gmail account password can be IDon’tLikePasswords!!!GM.”

Beware easy to answer security questions.

In the digital age, using a security question like “what street did you grow up on” or “where did you go to middle school” could set you on the fast track to getting hacked. With more information about ourselves available than ever before in human history, you’ll have to take some extra precautions.

According to Weisman, “You also should be aware that if someone is able to answer your security question, they can take over your email account as happened to Sarah Palin when someone answered her security question as to where she met her husband by getting the answer through Wikipedia (It was at Wasilla High School).

“While most of us aren’t as famous as Sarah Palin, much of our personal information can be found with a diligent online search and we also may have, again, posted too much personal information online such as our pet’s name.”

Here’s Weisman’s delightfully simple solution:

“The easy way to avoid this problem is to give a nonsensical answer for the security question.  For instance, you can make the answer to the security question asking your mother’s maiden name, “Grapefruit.”  It is so nonsensical, no identity thief will be able to ascertain it and it is so silly that you will remember it.”

Scammers will do everything in their power to get one over on you. The more precautions you take like the ones listed above, the less likely they are to gain the upper-hand. When it comes to emails, you have to trust no one and do everything you can to verify their identity. Together with some strong security software, these practices are the best way to keep yourself safe.

To learn more about protecting yourself from scammers and con artists, check out these related posts and articles from OppLoans:

Have you ever fallen victim to an email scam? We want to hear from you! You can find us on Facebook and Twitter.

Visit OppLoans on YouTube | Facebook | Twitter | LinkedIN


Justin Lavelle is a Scams Prevention Expert and the Chief Communications Officer of (@BeenVerified). BeenVerified is a leading source of online background checks and contact information. It helps people discover, understand and use public data in their everyday lives and can provide peace of mind by offering a fast, easy and affordable way to do background checks on potential dates. BeenVerified allows individuals to find more information about people, phone numbers, email addresses and property records.
 Brandon Schroth is the Digital Manager for Gillware Data Recovery (@gwdatarecovery), a world-class data recovery company and digital forensics lab specializing in recovering lost data from failed storage devices such as hard drives, solid-state drives, USB flash drives, SD cards, mobile devices, servers and more.
Steve Weisman is a lawyer, college professor at Bentley University and author.  He is one of the country’s leading experts in identity theft.  His most recent book is “Identity Theft Alert.”  He also writes the blog (@Scamicide) where he provides daily updated information about the latest scams and identity theft schemes.


The information contained herein is provided for free and is to be used for educational and informational purposes only. We are not a credit repair organization as defined under federal or state law and we do not provide "credit repair" services or advice or assistance regarding "rebuilding" or "improving" your credit. Articles provided in connection with this blog are general in nature, provided for informational purposes only and are not a substitute for individualized professional advice. We make no representation that we will improve or attempt to improve your credit record, history, or rating through the use of the resources provided through the OppLoans blog.