Fast Company, 2023-02-10
I paid how much for antivirus software?!?!!

Phishing scams are getting more devious. Here’s how to outwit them

By Doug Aamoth

I received an . . . ahem . . . interesting email message in my Gmail inbox this morning, thanking me for my PayPal transaction of $579 for two years of antivirus software that was being shipped to me UPS priority overnight.

It was so painfully full of red flags indicating that it was a phishing scam out to steal my money that I thought it interesting that Gmail didn’t catch it and prevent it from reaching my inbox at all. So I decided to investigate a bit.

Now, there are a few ways that cybercrooks attempt to hook people via emails such as these—some are a bit more straightforward than others.

The first is to send you a “poisoned attachment” and convince you to run it. It may look like a document but actually be a program in disguise. Once you run it, it installs malware or ransomware on your computer.

Good email services are generally pretty adept at weeding these out, but this method is still in use today. It’s a bit lazy, often labeled as a “spray and pray” scam: send out as many emails as possible and hope that a handful of people fall for it.

The second is “credential theft.” These emails don’t contain poisoned attachments, but often contain links to fake websites that look and feel just like the real thing.

