Last week, my calendar went crazy with event invites. These weren’t real meetings or even something fun like brunch plans — they were sketchy “appointments” from strangers. It’s just one common phishing technique you need to look out for.
I’ll tell you how I fixed it, but first, here are six other phishing subject lines that should set off alarm bells. See one in your inbox? Mark it as spam!
Your delivery was unsuccessful
Home deliveries for online orders are more common now than ever, but that means we’re more used to missed order notices. Scammers love using this line as it can seem personal to anyone who shops online regularly.
They’re after money, and no delivery service should need that before re-delivery. Delete.
Action required: Your Payment Was Declined
Scammers need a reason to get your attention and, more importantly, get you to do something. That could be as simple as clicking a link or visiting a website. Declined payments aren’t common, but it is something you’ll need to do something about if true.
It’s probably not, but if in doubt, visit the website or payment provider directly.
RE: Anything
It’s an oldie but a goodie (for the scammers). Starting an email subject with the prefix “Re:” suggests that you’ve been in communication with this person previously and they’re just continuing the conversation.
But they aren’t. They’re dirty scammers and we won’t be continuing that fictional conversation, no matter how interested we are.
Payroll has been delayed
Nobody likes being paid late, and any delay could be more than a hassle for anyone living paycheck to paycheck. Scammers rely on that fear with this particular scam email.
Unless your boss usually contacts you via email when there’s a payment-related issue, steer clear of these.
Dropbox: Document shared with you
This one’s particularly insidious because document sharing via a cloud service is common. These emails can also look legitimate, making them hard to spot. Always hover over any buttons or links before clicking to check the URL in the bottom corner of the browser window.
Better yet, ask the person who claims to be sharing the link with you if it’s legit before clicking.
Mail Notification: You have 5 Encrypted Messages
You might, but chances are, you don’t. Gmail doesn’t structure emails like this. Outlook doesn’t, and neither does Yahoo. You aren’t going to get an email telling you that you have emails unless your organization has a particular security tool to manage them. Check with your IT manager, or delete this one out of hand. It’s bogus.
Camp Lejeune class action lawsuit
You’ve likely heard ads on TV or radio about the Camp Lejeune class action lawsuit for U.S. military veterans and their families exposed to tainted water at the camp. Marketing agencies and law firms spent over $40 million advertising the case.
The Better Business Bureau (BBB) warns that scammers are now jumping on board. They hope all the media attention will make it easier to trick people, especially military personnel, into falling for these scams.
Here’s how the scams work: You get an email claiming you are entitled to tens of thousands of dollars. You must click a link or call a number to get compensation. But beware! Clicking the link could infect your device with malware, putting you at risk for identity theft.
In other versions of the scam, thieves claim you need to pay an upfront fee so that they can file your case. If you pay them, they’ll continue to ask for more “filing fees” until you become suspicious. As soon as you realize the con, the scammer will disappear with your information and money.
How to avoid email scams
In addition to spotting suspicious subject lines, there are other precautions you can take to stay safe. Here are some ideas.
- Safeguard your information — Never give out personal data if you don’t know the sender of a text or email or can’t verify their identity. Criminals only need your name, email address and telephone number to rip you off.
- Always use 2FA — Use two-factor authentication (2FA) for better security whenever available. Tap or click here for details on 2FA.
- Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information.
- Use strong, unique passwords — Have unique passwords for every online account. That way, if one account is breached, it doesn’t put others at risk. Tap or click here for an easy way to follow this step with password managers.
- Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!