Evri, Amazon and Paypal among the brands most used by scammers, study reveals

A recent study by tech retailer Currys looked at Google searches in the UK around scam emails, and it seems Evri is the favourite brand scammers are using to target their victims, with 39,978 searches over the past year for “evri scam email”. These searches have also increased by 823% over the past 12 months, when comparing search volume in March 2023 to February 2024.

The next brand scammers hide behind most is PayPal with 28,900 searches over 12 months for “paypal scam email”, however, the monthly search volume for this has decreased by 19% over the past 12 months. And Amazon was the third brand most people were searching in relation to scam emails, with 14,000 annual searches for “amazon scam email”.

Keywords

Search volume over 12 months
(Mar 23-Feb 24)

% difference in search volume
(Mar 23 vs Feb 24)

1

evri scam email

39978

823%

2

paypal scam email

28900

-19%

3

amazon scam email

14000

-12%

4

natwest scam email

12409

-56%

5

bt scam email

9790

0%

6

hmrc scam email

9660

0%

7

royal mail scam email

9653

296%

8

microsoft scam email

9270

-33%

9

geek squad scam email

7871

120%

10

fedex email scam

7789

-84%

When it comes to the ones gaining momentum, these are the top five brands that scammers are using more now compared to a year ago to trick Brits.

Searches

% difference in search volume
(Mar 23 vs Feb 24)

1

boots scam email

2500%

2

evri scam email

823%

3

booking.com scam email

324%

4

royal mail scam email

296%

5

screwfix scam email

243%

AI can’t detect 10% of scam emails

The study also used two forms of AI to analyse a mixture of 40 genuine and scam emails, asking it to identify whether the email was a phishing attempt or a genuine communication from a brand.

The study discovered that both AI assistants incorrectly identified 10% of the mixture of scam and legitimate emails fed to them. Perplexity was better at discovering the spam emails, correct in 28 out of 29 cases, compared to Chat GPT 4 which only identified 27 out of 29 correctly.

And when it came to the legitimate emails, both recognised even less. Perplexity incorrectly categorised three genuine emails as spam and Chat GPT 4 did the same for two.

AI system

Total spam emails correct

Total genuine emails correct

Total correct overall

Chat GPT-4

27 out of 29

9 out of 11

36 out of 40

Perplexity

28 out of 29

8 out of 11

36 out of 40

This highlights the increased sophistication of phishing emails, suggesting more of the public will fall victim to them, particularly as the National Cyber Security Centre (NCSC) said that AI would “almost certainly” increase the volume of cyber-attacks and heighten their impact over the next two years. This is due to cyber criminals using the technology to approach potential victims in a more convincing way by creating fake “lure documents” (such as scam emails) that don’t contain the translation, spelling or grammatical errors that tended to give away phishing attacks.

7 quick tips for identifying phishing attempts

Here are some quick tips on how to spot a phishing email from sources such as Crimestoppers UK, National Cyber Security Centre, Which? And Stop Fraud Now:

  • Check the sender’s email address: Legitimate companies use domain emails, which are usually the name of the company. Be wary of emails from a public domain (like @gmail.com or @yahoo.com) or with misspelled domains that look similar to real ones.
  • Look for poor spelling and grammar: Professional organisations proofread their communications. Frequent spelling and grammar errors can be a red flag. Although with the help of AI this will become less frequent.
  • Be sceptical of urgent requests for info: Phishing emails often create a sense of urgency, like threatening to close an account unless you update your information immediately. A legitimate company will never rush you in this way.
  • Don’t click on suspicious links: Hover over any links in the email (without clicking) to see the URL or web address. If it looks strange or doesn’t match the company’s official website, don’t click it. Some scammers will use link shorteners like Bit.ly to hide malicious links; brands are unlikely to do this.
  • Check for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name. Companies you do business with usually personalise their emails. They may have tech sophisticated enough to take the first part of your email address however so be sure to sense check the greeting.
  • Beware of requests for personal info: Legitimate companies will not ask for sensitive information via email. Be cautious of emails requesting passwords, account numbers, or other personal details.
  • Look for inconsistencies: Sometimes, the scam is in the details. Check for slight variations in email addresses, links, and domain names. These errors might be easy to overlook at first glance, so check carefully.

It is advised that any individual who may have seen or unwittingly interacted with a fraudulent web page or app to report the details to Action Fraud.

Anyone concerned by these pages or who wants guidance on protecting themselves from this sort of criminal activity is advised to visit Citizens Advice’s excellent resource for identifying scams: https://www.citizensadvice.org.uk/consumer/scams/check-if-something-might-be-a-scam/.

Latest articles

spot_imgspot_img

Related articles

spot_imgspot_img