FBI Advises Users of Gmail, Outlook, Apple Mail: Verify Three Elements to Prevent Attacks
It's the time of year for caution—especially when it comes to the growing number of attacks targeting email users of Gmail, Outlook, Apple Mail, and other platforms. So, it's no surprise that the FBI has launched a new campaign to help email users stay safe. The only trickster you should encounter this season, the bureau warns, is the 'Naughty Elf.'
"Scammers," the FBI cautions, "use alluring deals and offers through phishing emails or ads. Such schemes may promise well-known merchandise at unbelievably low prices, offer gift cards as incentives, or offer products at amazingly low costs. However, the product you receive rarely matches what was ordered."
Their advice boils down to three essential things to analyze with every unsolicited email that lands in your inbox before clicking your way into trouble: Review the sender's email address; inspect any URL before clicking or engaging; and scrutinize the email's spelling and grammar, as well as the URL.
We've seen a tremendous increase in phishing and fraudulent web domains during this holiday season, with all threats on the rise. With the help of AI, it's now easier for attackers to create convincing emails and websites, mimicking logos and other product imagery, and even refining the language to make it more appealing and trustworthy.
The best advice remains to ignore marketing emails, especially with research suggesting that the majority of these are now either scams, fraud, or worse. If you like an offer, navigate to it by visiting the website directly or using a search engine. However, watch out for SEO poisoning as well. It's become an increasingly treacherous online world, and caution is fully justified.
The FBI's "phishing attack guidance" remains unchanged:
- "Remember that companies usually don't ask you for your username or password.
- Refrain from clicking on anything in an unsolicited email or text message. Look up the company's phone number by yourself (don't use the one provided by a potential scammer), and call the company to verify the legitimacy of the request.
- Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use subtle variations to deceive the eye and gain your trust.
- Be cautious about what you download. Never open an email attachment from an unknown sender and be wary of email attachments forwarded to you.
- Configure two-factor (or multi-factor) authentication for any account that allows it, and never deactivate it.
- Be mindful of what information you share online or on social media. By openly sharing details like pet names, schools you attended, family members, and your birthday, you are providing a scammer with all the information they need to guess your password or answer security questions."
Google's Gmail team has issued its own advice, warning that "since mid-November, we've seen a massive increase in email traffic compared to previous months, making protecting inboxes an even greater challenge than usual." The team claims that "Gmail blocks more than 99.9% of spam, phishing, and malware." While security has improved, the company has issued its own advice for users:
- "Slow it down." Scams often create a sense of urgency, using terms such as "urgent, immediate, deactivate, unauthorized, etc." Take your time to ask questions and consciously reflect.
- Second-check. Do your research to double-verify the details of an email. Does the email make sense? Can the email address of the sender be verified?
- Stop! No reputable person or organization will ever demand payment or personal information instantly.
- Report it. If you see something questionable, mark it as spam. By doing so, you'll be cleaning up your Inbox and making it safer for billions of other users as well."
Just as expected, an email attack drew attention of its own earlier this week, with the Daily Dot reporting that "a tech expert is warning his followers to be on the lookout for the latest Apple email scam." In his TikTok video, Scott Polderman warns other users that "the reason this is working so well for hackers is because they catch you off guard. And unfortunately, it's really effective with those who are less tech-savvy." This point is crucial—while those reading this article might be aware of such attacks, in reality, the majority of users are not, and they remain vulnerable.
In his TikTok video, Polderman shares an email that appears to be from Apple, offering tips on keeping your account secure. The format of the email closely resembles an authentic Apple email, and it might resemble the kind of email users usually receive to check their settings. The email even includes details on how to set up a legacy contact, meaning someone who will have access to your account after your death. Polderman notes that even the fine print at the end of the email is "basically verbatim what you would see on the Apple website."
However, just as the FBI advises, checking the actual email sender quickly reveals the scam. "This shows me it is not from Apple.com." This is the first thing to examine. Click on the sender name shown in your email app: the name is easy to imitate, but the underlying full email address is the giveaway.
Scam artists are crafty and often use wording that resembles a legitimate business's email address, but the address is usually convoluted and doesn't come from the genuine domain. While it's feasible to replicate the genuine domain, it's not a common practice. Most phishing attempts can be identified using this basic check. Always treat an email as suspect until you've carried out at least this check.
However, be aware that while this is a simple phishing indicator, more advanced attacks find ways around it. Even the hijacking of real email addresses is possible, making the scam harder to spot. But if an email claims to be from a well-known corporation like Apple, Microsoft, or Meta, their primary email domain won't have been hijacked.
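The sender check described above, as an added example (not code from the FBI, Google, or the article's author): it parses a From header, looks for a brand name in the display name, and confirms that the underlying address sits on that brand's domain. The brand-to-domain allowlist, the function names, and the sample headers are assumptions constructed for illustration; the check inspects only the visible header and does not prove a message is authentic.

```python
import re
from email.utils import parseaddr

# Illustrative allowlist (an assumption, not an official list): brand word that
# may appear in a display name -> domains that brand is expected to send from.
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "microsoft": {"microsoft.com"},
    "meta": {"meta.com"},
}


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an address, or '' if absent."""
    _, sep, domain = address.rpartition("@")
    return domain.strip().rstrip(".").lower() if sep else ""


def belongs_to(domain: str, allowed: set[str]) -> bool:
    """True for an allowed domain or a true subdomain of one.

    Matching from the right on a dot boundary rejects both
    'apple.com.account-verify.example' and 'notapple.com'.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(from_header: str) -> str:
    """Compare the brand claimed in the display name with the real address."""
    display, address = parseaddr(from_header)
    domain = domain_of(address)
    if not domain:
        return "unparseable"
    # Whole-word match, so "Metal Shop" does not count as a claim to be Meta.
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    claimed = [brand for brand in BRAND_DOMAINS if brand in words]
    if not claimed:
        return "no_brand_claim"
    if all(belongs_to(domain, BRAND_DOMAINS[brand]) for brand in claimed):
        return "match"
    return "mismatch"


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    '"Apple Support" <no-reply@id.apple.com>',
    '"Apple Support" <security@apple.com.account-verify.example>',
    '"support@apple.com" <billing@mail-notice.example>',
    '"Jane Doe" <jane@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):15} {header}")
```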
I ran a quick scan of the last 25 phishing emails I received, and all failed this test, despite the email content and graphics becoming increasingly hard to detect due to the FBI's AI warning. Scammers are becoming better at deceiving email users, as evident in Polderman's video with the Apple logo and typography. AI plays a crucial role in making everything seem more real. You can't rely on a single test for certainty. Therefore, the FBI's most straightforward advice still stands: "If it seems too good to be true, it probably is."
During this holiday shopping season, numerous phishing attempts and fraudulent web domains have surfaced, making web shopping more dangerous than ever. These scams often take advantage of enticing deals and offers, promising popular merchandise at unusually low prices or offering incentives such as gift cards. The FBI warns against falling for these schemes, as the product received rarely matches what was ordered.
In line with this warning, Google's Gmail team has issued its own advice, citing a massive increase in email traffic since mid-November, making it more challenging than ever to protect inboxes. The Gmail team emphasizes the importance of taking one's time to analyze unsolicited emails, verifying email sender information, and avoiding any sense of urgency or demand for immediate payment or personal information.
Moreover, the FBI's phishing attack guidance remains unchanged, advising users to be wary of unsolicited emails or text messages, verify information by contacting the company directly, and scrutinize the email address, URL, and spelling used in any correspondence. Users should also never open an email attachment from an unknown sender and configure two-factor authentication for their accounts, among other cautions.