Gone Phishing: Understanding Email Scam Tactics

Scams exist.  That is the simple truth, there are honest people and then there are others who try to cheat.  Email and the technology age facilitate scamming through email.  Often these emails promise jobs or an irresistible offer, but sometimes they are more subtle then that.  This article analyzes the types of email phishing traipsing around the World Wide Web so that, armed with the knowledge of email phishing attacks, you can avoid them in the future.

Job Scams

The first type of phishing I will look at are job scams.   These scams come in three flavors.  First there is the money mule, second the pyramid scheme, and finally the stolen goods mule.

Money Mule:
The money mule scam offers you the opportunity to make lots of money by transferring cash. It appears somewhat legitimate but it is really illegal and you will be the one the evidence points to.

Pyramid schemes

Follow this formula with several people and they will all send you money after you send money to me and other more complex variations of this.

Stolen Goods Mule:

Similar to the money mule but goods are transferred isntead of money.

Irresistible Offer:

Here is the ultimate dream held by many Americans: Get rich quick.  It just doesn’t work.

Spear Phishing:

Spear phishing messages provide you with a link to what appears to be the site and they ask you to log in or to update your password.

Whale Phishing:

Whale phishing is a specific attack against an individual with wealth or access to valuable assets or information.

Awareness of such attacks is increasing but the mere fact that the average user still receives so much spam means that it must be paying off for someone.  Don’t be the one who gets burned.  Educate your employees on the risks.


There are steps that can be taken in order to safeguard yourself against potential malfeasance.  First, always pay attention to the website you are visiting.  Oftentimes, phishers will set up a mirror site that looks exactly like the site you want to see.  Always be skeptical and go to the website directly rather than clicking on any link provided in an email.  Be wary of hyperlinks within emails and remember that banks will not ask for personal information via email.  Installing anti-spam software from a reputable source will greatly diminish your vulnerability to an attack.  Finally, if something phishy does occur to any one of your accounts, change your password and secret questions.

Scamming happens, that is a simple fact.  Today I looked at multiple ways that a person could get burnt ranging from spear phishing to a money mule.  In any case the best defense is a proactive one.  Pay attention to your financials, and always protect your personal information.  Be cautious about any offer that seems too good to be true.  Follow these steps and the job of sifting out what is potentially dangerous versus what is benign becomes much easier.

Request Info

TCDI | Computer Forensics | Cybersecurity | Litigation Technology