Fighting Email Fraud

Avoid becoming a victim of malicious emails.

Email is one of the most common methods by which cybercriminals gather information or commit crimes. Phishing and ransomware attacks are both prevalent and potentially devastating. The information that could be exposed could enable a criminal to access bank accounts, intercept purchases and hold valuable and confidential files hostage.


It’s a common situation experienced by many: you open an email from a friend containing a short message about an attractive offer that seems too good to be true. Or a trusted company tells you your account is at risk. Emails that arrive unexpectedly and prompt urgent action are often actually phishing emails, messages designed to make you reveal personal information, such as passwords and credit card numbers. The number of phishing attacks doubled in 2020 and hit a record high in January 2021 with over 245,000 attack in one month.1 By some estimates, phishing and social engineering constitute 90% of all cyberattacks.2

Fortunately, most phishing attacks can be easily identified and resisted through the use of reasonable caution and a healthy dose of skepticism. Above are some warning signs and best practices to follow. Be wary of communications that make an unrealistically attractive offer or ask for personal information.

  • Hover over hyperlinks within the message, but don’t click. Does the web address match what you’re expecting?
  • Legitimate companies should never ask for personal information through email. If you receive a link via email to log in to your account, don’t click on it. Instead, use your browser search bar to find the official site for the company and log in from there.
  • Be wary of communications that make an unrealistically attractive offer or ask for personal information. Phishing emails often have a sense of urgency in the language. If the sender seems to be pushing too hard, question the validity of the message.
  • Check the sender’s email address: is every single character accurate, or could this be a spoofed email very similar to an address you would recognize?
  • Unsolicited email warrants extra caution. If you weren’t expecting it, check it carefully.
  • Look for misspellings, grammar or logos that aren’t quite right.


Some fraudulent emails contain attachments or links that enable the cybercriminal to install ransomware—malicious software enabling them to hold your files or system “hostage” until you pay a sum in ransom.

The advice outlined above for phishing will also help protect you from ransomware attacks. Scrutinize any email sent with an attachment, especially if the message was unsolicited or urges you to take immediate action. Never open an attachment from someone you do not know.

In May 2017, a famous, wide-spread malware attack known as “WannaCry” affected approximately 200,000 computers throughout 150 countries.Watch the video below from The Washington Post to learn more about ransomware and WannaCry.

1 Source: APWG | 2 Source: Rubica | 3 Source: Cisco