FBI Warns Gmail, Apple Mail, Outlook Users—Emailing These 2 Words Is Dangerous

Here's what you need to watch out for in your inbox

The cyber threat landscape is getting worse. Driven by new and frightening AI-fueled threats, it is becoming ever harder to tell real from fake, safe from sorry. With “criminals exploiting generative artificial intelligence (AI) to commit fraud on a larger scale, which increases the believability of their schemes,” as the FBI warned last month, it would be great to know some of the telltale signs to help us root out the threats now sneaking into our inboxes.

The vast majority of cyber attacks start with a phishing email, and so better security of our Gmail, Outlook and Apple Mail inboxes, as well as any others, would make a huge difference. Email remains a backward technology in need of a refresh — it is clear the platforms can do a better job of keeping us safe and make better use of AI to filter out threats.

Sometimes, though, it’s the little things that help. So it is with the latest FBI warning, which gives you one strong indicator that an email needs to be deleted before it’s read or even opened. “Pressure to ‘act fast’,” the bureau says, could easily be “a sign of a scam.” I will go further. Any email that stresses urgency or the need to “act fast” — unless it’s from someone you undeniably know and absolutely trust — should be avoided.

Microsoft echoes this, warning that you should “be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, they'll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much.”

And Google says exactly the same: “Slow it down. Scams are often designed to create a sense of urgency, and often use terms like ‘urgent, immediate, deactivate, unauthorized, etc.’ Take time to ask questions and think it through.”

This latest FBI warning comes as part of a package of suggested measures to protect against scammers using major disasters as a lure to trick victims — the California fires by way of example. And that’s the other warning sign. Criminals need a hook, and what better hook than a disaster that may have impacted you directly or where you might want to offer charitable assistance? Or the hook could be something very different: recovering a TikTok account during the shutdown, for example.

ESET’s Jake Moore warns that “forcing people to act quickly and think later can be an effective way to make people respond immediately without leaving any time to err on the side of caution. Therefore, however persuaded you may feel to respond, it is always worth remembering to take your time and carry out due diligence where necessary.”

And CISA — the U.S. cyber defense agency — suggests being very wary of any emails that use “urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately... If a message looks suspicious, it's probably phishing... However, if you think it could be real, don't click on any link or call any number in the message. Look up another way to contact the company or person directly.”

That said, more sophisticated phishing emails are looking much less suspicious than they ever have before. AI helps tone language and removes mistakes in spelling and grammar; it also crafts realistic imagery and can mimic any brand.

The FBI’s phishing advice remains as valid as ever — notwithstanding that AI makes it more difficult to identify a threat with a cursory scan of the copy and imagery:

  • “Remember that companies generally don’t contact you to ask for your username or password.
  • Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members, and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.”

“Impressive manipulation tactics are constantly improving,” ESET’s Moore told me, “and can often leave people stunned at how easily they were influenced. Scam communication draws on heavy emotional influential messaging and manipulating tactics which can work very efficiently on unbeknown victims.”

You have been warned — do not “act fast” after all.
