Scams and Scammers – Email
Article (PSA‑0026)
Why Email Scams Matter
Scammers use email to trick you into handing over personal data (passwords, Social‑Security numbers, account numbers) or into installing malicious software, such as ransomware, that locks up your device. Even if you pay the ransom, the attackers almost never unlock your files.
Common Ways Email Scams Look
- Urgent pleas for help (e.g., “My account is locked – send money now”).
- Fake password‑reset or security‑alert messages.
- Impersonations of familiar institutions – government agencies, the IRS, banks, or popular services like Netflix.
Why Businesses Are Prime Targets
Scammers can harvest a company’s public data (website, LinkedIn, press releases) and craft highly specific, believable messages that appear to come from a trusted partner or vendor.
Key Statistics (to put the risk in perspective)
According to Symantec research, **≈ 85 % of all email traffic is spam or malicious**. Roughly **9 out of 10** messages are not legitimate, and most contain malicious links or attachments.
Three Pillars of Protection
1. Adopt a Healthy Distrust of Email
- Assume every unsolicited email could be a trap.
- Never click links or open attachments unless you’re 100 % sure they’re legit.
2. Keep Your Basics Up‑to‑Date
- Install operating‑system and application security updates promptly.
- Run reputable antivirus/anti‑malware software and keep its definitions current.
- Enable a firewall (built‑in Windows Defender Firewall or a third‑party solution).
- Configure your email provider’s spam‑filter and junk‑mail settings.
3. Examine Suspicious Emails Carefully
- Don’t rush. If you’re busy, set the message aside and review it later.
- Ask yourself:
  - Do I actually have this service or account?
  - Does the request make sense for me?
- Check the sender address. Look at everything after the “@”.
  Real Netflix example:
  admin@netflix.com
  Fake Netflix examples (watch the domain part carefully):
  admin@netflix.ru
  admin@netflex.com
  The legitimate address always ends with .com and the domain name is spelled exactly “netflix”. Anything else (e.g., .ru, “netflex”) is a red flag.
- If anything feels off, mark the message as Spam/Junk and delete it.
Quick Email‑Scam Checklist
- ✔️ Treat every unexpected email as suspicious until verified.
- ✔️ Hover over links – the URL displayed must match the claimed site.
- ✔️ Verify the sender domain (e.g., @bankofamerica.com, not @bankofamerica.co).
- ✔️ Keep your OS, apps, antivirus, and firewall up to date.
- ✔️ Use strong, unique passwords and enable multi‑factor authentication where possible.
- ✔️ Report phishing attempts to your email provider and to the FTC (reportfraud.ftc.gov).
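The sender-domain check from the Netflix and Bank of America examples above, written out as an added Python example that is not part of the original article. The TRUSTED_DOMAINS list, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: domains you actually do business with (constructed list).
TRUSTED_DOMAINS = {"netflix.com", "bankofamerica.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Classify a From: header as 'trusted', 'lookalike' or 'unknown'."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return "unknown"
    # Only the part after the "@" counts; the display name is ignored
    # because the sender can set it to anything.
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    name, _, tld = domain.rpartition(".")
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted"          # exact domain or one of its subdomains
    for good in TRUSTED_DOMAINS:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "lookalike"        # right name, wrong ending (netflix.ru)
        if edit_distance(domain, good) <= 2:
            return "lookalike"        # near-miss spelling (netflex.com)
    return "unknown"                  # not trusted, but not imitating the list


if __name__ == "__main__":
    # Constructed sample headers based on the addresses in the article.
    for header in ("Netflix <admin@netflix.com>", "admin@netflix.ru",
                   "admin@netflex.com", "alerts@bankofamerica.co"):
        print(f"{header:32} -> {check_sender(header)}")
```

A result of "unknown" only means the domain does not imitate one on the list; it is not a sign that the message is safe.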
What to Do If You Think You’ve Been Compromised
- Disconnect the device from the internet.
- Run a full scan with your antivirus/anti‑malware solution.
- Change passwords for any accounts that may have been exposed – start with email, banking, and any services that store personal data.
- Consider enabling credit‑monitoring or a fraud‑alert with the major credit bureaus.
Need Help?
If you have questions about a specific email, need assistance tightening your security, or want a quick safety review, call PSA Computer Services at (707) 506‑6802.