Advice on phishing email scams

Document created by mnaggar Employee on Oct 31, 2018Last modified by jyamada on Jan 23, 2019
Version 13Show Document
  • View in full screen mode

There are a variety of phishing emails out in circulation. If you received an email making claims they planted a trojan or keylogger or video capture on your device, do not accept the claims at face value. The emails are scary by design. Its important to know that these phishing emails are designed to scare you into giving out money or valuable personal information.

 

Delete the email. Take the precaution listed below. Email control is not in the scope of Malwarebytes software. All email that shows on your Inbox is housed at the email service provider, and not in your machine. The following sections provide common sense advice on what to do after receiving fake, scam, or phishing emails.

 

Change any password mentioned in email

If the phishing email cites any of your passwords, change that password to something else. Your password may have leaked out of your browser in the long ago past, or some other info like your email address was leaked in a data breach. See the Malwarebytes Blog article Data scraping treasure trove found in the wild for more information.

 

  • Change your passwords - Do not use the same password on social media sites. Consider not using single sign-on across multiple websites.

  • Use strong passwords - Create long passwords with a mix of letters, numbers, and symbols. Do not tie them to personal information that could be discovered on social media.

 

Add ad block extension to web browsers

Consider adding an ad block extension to any web browser you use, especially if you use a web-based email service. Malwarebytes offers a  browser extension beta for Chrome and a separate browser extension beta for Firefox browserSee the Malwarebytes Blog article How to tighten security and increase privacy on your browser for more information.

 

Add sender's email address to your email blocked senders list

Take note of the email address of the sender, and consider adding to your email provider's block list. The following two Malwarebytes Blog articles offer advice on avoiding scam phishing emails, and bad actors to watch out for:

 

Submit emails for analysis of the email header

See the following two websites to submit email headers for analysis: 

 

Keep in mind that the scammers will spoof their return email address.

 

Confirm if email address is compromised

See the following website to check if you have an online account that has been compromised in a data breach:

 

Lastly, never leave your email address or personally identifiable data out in the open on social media or other public sites. For more information about phishing emails, see our article All about phishing.

Attachments

    Outcomes