A recent study by tech retailer Currys looked at Google searches in the UK around scam emails, and it seems Evri is the favourite brand scammers are using to target their victims, with 39,978 searches over the past year for “evri scam email”. These searches have also increased by 823% over the past 12 months, when comparing search volume in March 2023 to February 2024.
The next brand scammers hide behind most is PayPal with 28,900 searches over 12 months for “paypal scam email”, however, the monthly search volume for this has decreased by 19% over the past 12 months. And Amazon was the third brand most people were searching in relation to scam emails, with 14,000 annual searches for “amazon scam email”.
|
|
Keywords |
Search volume over 12 months |
% difference in search volume |
|
1 |
evri scam email |
39978 |
823% |
|
2 |
paypal scam email |
28900 |
-19% |
|
3 |
amazon scam email |
14000 |
-12% |
|
4 |
natwest scam email |
12409 |
-56% |
|
5 |
bt scam email |
9790 |
0% |
|
6 |
hmrc scam email |
9660 |
0% |
|
7 |
royal mail scam email |
9653 |
296% |
|
8 |
microsoft scam email |
9270 |
-33% |
|
9 |
geek squad scam email |
7871 |
120% |
|
10 |
fedex email scam |
7789 |
-84% |
When it comes to the ones gaining momentum, these are the top five brands that scammers are using more now compared to a year ago to trick Brits.
|
|
Searches |
% difference in search volume |
|
1 |
boots scam email |
2500% |
|
2 |
evri scam email |
823% |
|
3 |
booking.com scam email |
324% |
|
4 |
royal mail scam email |
296% |
|
5 |
screwfix scam email |
243% |
AI can’t detect 10% of scam emails
The study also used two forms of AI to analyse a mixture of 40 genuine and scam emails, asking it to identify whether the email was a phishing attempt or a genuine communication from a brand.
The study discovered that both AI assistants incorrectly identified 10% of the mixture of scam and legitimate emails fed to them. Perplexity was better at discovering the spam emails, correct in 28 out of 29 cases, compared to Chat GPT 4 which only identified 27 out of 29 correctly.
And when it came to the legitimate emails, both recognised even less. Perplexity incorrectly categorised three genuine emails as spam and Chat GPT 4 did the same for two.
|
AI system |
Total spam emails correct |
Total genuine emails correct |
Total correct overall |
|
Chat GPT-4 |
27 out of 29 |
9 out of 11 |
36 out of 40 |
|
Perplexity |
28 out of 29 |
8 out of 11 |
36 out of 40 |
This highlights the increased sophistication of phishing emails, suggesting more of the public will fall victim to them, particularly as the National Cyber Security Centre (NCSC) said that AI would “almost certainly” increase the volume of cyber-attacks and heighten their impact over the next two years. This is due to cyber criminals using the technology to approach potential victims in a more convincing way by creating fake “lure documents” (such as scam emails) that don’t contain the translation, spelling or grammatical errors that tended to give away phishing attacks.
7 quick tips for identifying phishing attempts
Here are some quick tips on how to spot a phishing email from sources such as Crimestoppers UK, National Cyber Security Centre, Which? And Stop Fraud Now:
- Check the sender’s email address: Legitimate companies use domain emails, which are usually the name of the company. Be wary of emails from a public domain (like @gmail.com or @yahoo.com) or with misspelled domains that look similar to real ones.
- Look for poor spelling and grammar: Professional organisations proofread their communications. Frequent spelling and grammar errors can be a red flag. Although with the help of AI this will become less frequent.
- Be sceptical of urgent requests for info: Phishing emails often create a sense of urgency, like threatening to close an account unless you update your information immediately. A legitimate company will never rush you in this way.
- Don’t click on suspicious links: Hover over any links in the email (without clicking) to see the URL or web address. If it looks strange or doesn’t match the company’s official website, don’t click it. Some scammers will use link shorteners like Bit.ly to hide malicious links; brands are unlikely to do this.
- Check for generic greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name. Companies you do business with usually personalise their emails. They may have tech sophisticated enough to take the first part of your email address however so be sure to sense check the greeting.
- Beware of requests for personal info: Legitimate companies will not ask for sensitive information via email. Be cautious of emails requesting passwords, account numbers, or other personal details.
- Look for inconsistencies: Sometimes, the scam is in the details. Check for slight variations in email addresses, links, and domain names. These errors might be easy to overlook at first glance, so check carefully.
It is advised that any individual who may have seen or unwittingly interacted with a fraudulent web page or app to report the details to Action Fraud.
Anyone concerned by these pages or who wants guidance on protecting themselves from this sort of criminal activity is advised to visit Citizens Advice’s excellent resource for identifying scams: https://www.citizensadvice.org.uk/consumer/scams/check-if-something-might-be-a-scam/.
