Typos. Too-good-to-be-true offers. Urgent warnings.
Scammers are getting smarter—and more convincing. New research from the Federal Trade Commission (FTC) reveals that Americans lost a staggering $12.5 billion to fraud in 2024, a 25% increase from the previous year. The median reported loss was $497, with imposter scams alone accounting for nearly $3 billion in losses.
Fraud isn’t just increasing—it’s hitting certain areas harder than others. Florida, Georgia, and Delaware ranked as the top three states with the highest per-capita fraud reports, while California led in total reports with over 500,000 cases.
And where are these scams happening? Scammers are reaching victims through phone calls, text messages, and social media, with social media emerging as one of the most lucrative platforms for fraud—70% of fraud reports linked to social media resulted in financial losses.
With scammers using increasingly sophisticated tactics, knowing how to spot red flags in emails and links is more critical than ever.
Here’s how to protect yourself from the latest phishing threats:
How to Spot a Phishing Email
Red Flags in Emails
- Poor Grammar and Spelling Errors: Legitimate companies proofread their communications. If an email has glaring typos or odd phrasing, it could be a phishing attempt.
- Generic or Strange Greetings: Emails that start with “Dear Customer” instead of your name can be a red flag.
- Urgency or Threats: Scammers create panic, warning that your account will be locked or hacked unless you act fast.
- Suspicious Attachments: Never open unexpected attachments—they may contain malware designed to steal your data.
- Mismatched or Fake Email Addresses: Hover over the sender’s email to check if it’s from the company it claims to be. Be wary of small changes, like “support@paypa1.com” instead of “support@paypal.com.”
How to Identify a Suspicious Link
Simple Steps to Check a Link Before Clicking
- Hover Before You Click: On a computer, hover your mouse over the link to see its actual URL. On mobile, press and hold the link to reveal the full web address.
- Look for HTTPS Encryption: Secure sites use https://—though scammers can still use HTTPS, so don’t rely on this alone.
- Watch for URL Tricks: Scammers tweak domain names slightly to fool you (e.g., “amaz0n.com” instead of “amazon.com”). Be cautious with link shorteners (e.g., bit.ly), which can obscure a scam URL—use a tool like CheckShortURL to reveal the true address.
- Verify with the Company: If an email claims to be from a bank or business, visit their official website by typing the address into your browser rather than clicking the link. Contact their support team if you’re unsure.
How to Protect Yourself from Phishing Attacks
Preventative Measures
- Check Email Headers: In Gmail, click the three dots in the upper-right corner and select ‘Show original’ to inspect sender details.
- Use Security Tools:
- Enable spam filters in your email settings.
- Use McAfee WebAdvisor to block phishing websites.
- Enable two-factor authentication (2FA) for extra security.
What to Do if You Clicked a Suspicious Link
- Disconnect from the internet to prevent malware from spreading.
- Run a virus scan using security software like McAfee+.
- Change your passwords for any potentially compromised accounts.
- Enable 2FA to strengthen your account security.
- Monitor your bank statements for unusual transactions.
Phishing attacks are becoming more deceptive, but staying informed and cautious can protect you. Always verify links and emails before clicking, and use trusted cybersecurity tools like McAfee+ to keep your accounts and data safe.
Stay vigilant—don’t let scammers catch you off guard!