Fake invitations to connect on LinkedIn have become the most popular way for online fraudsters to try to ensnare their victims.
Such phishing emails are becoming harder to detect, with scammers increasingly targeting their messages to make them more plausible. As a result, promises of African fortunes are becoming rarer, and other lures are being used instead.
Security firm WebSense recently carried out an analysis of the top five subject lines in phishing emails during the first nine months of last year. They were surprisingly plausible:
1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear <insert bank name here> Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender
"Today's phishing campaigns are lower in volume but much more targeted. Cybercriminals aren't simply throwing millions of emails over the fence," says the company's Elisabeth Olsen. "They are instead targeting their attack strategies with sophisticated techniques and integrating social engineering tactics."
This means, she says, using social networks to gather information about potential victims to make sure their approach is as plausible as possible.
"Once the intelligence is harvested, they use that information to carefully construct email lures and yield maximum success," she says.
Key to the success of both the LinkedIn invitation and the undelivered mail messages is that they appear so very ordinary - making it far more likely that victims will click a link within the email without giving it too much thought. Doing so, though, can potentially allow criminals to place malware on their computers, monitoring activity and stealing financial log-in information.
Protecting yourself, says Gary Davis, VP of global consumer marketing for security firm McAfee, is a question of taking a few simple precautions - including, of course, installing security software and keeping it up to date. He advises computer users never to open attachments or click on links sent by people they don't know. If you do visit a website via a link in an email and you're asked to supply any personal information - don't.
And, he says, be very cautious on social networks.
"Cybercriminals take advantage of our natural instinct to trust those we know well. By hacking someone's social media account and posting a link or sending a flurry of messages as that person, criminals know that they have a high likelihood of duping people into clicking on a link," he says.
"Even if sent through a friend, be cautious if things look suspicious, especially if the message contains only a link and no text."
The biggest scams of 2013
The top 5 email subject lines online scammers use to hook you
First Direct found that the most common type of fraud was the 'fake email', which makes up 53% of all scams. This is also known as phishing, and involves the fraudsters contacting you, requesting personal information like passwords and PINs.
They use all kinds of methods to persuade you to reveal your details: from pretending to be your bank, to pretending to be the taxman. Earlier this year HMRC warned people to watch out for scam emails promising tax credit refunds in return for account details - timed to coincide with a major advertising campaign to remind people to renew their tax credits.
This is an old and established scam, but is the second most prevalent in the UK this year. It involves someone getting in contact with a sob story, and asking for a sum of money in return for paying you a larger sum. If you pay up you may get requests for more cash but you will never receive a payout.
This year the horrible twist on the scam was that the gangs posed as a victim of the war in Syria who was in desperate need of money and able to pay you from money hidden overseas, once you had given him enough to escape the country.
This is a new take on phishing, which Financial Fraud Action warned about in August. They said victims receive a cold call asking for personal or financial information. Some 39% of all people targeted by these calls said they found it difficult to tell if the person was genuinely from their bank or whether it was a scam. First Direct says this is the third most prevalent type of scam.
Duplicating your bank cards made up 14% of fraud this year. Old-fashioned card scams are actually on the rise this year. The experts say that the introduction of chip and PIN means 'crude scams' are back in vogue, where criminals distract people in shops and bars, or shoulder surf at cash machines and then steal customers' cards without them noticing.
These also make up 14% of all scams. You receive an email telling you that you have won a lottery. All you have to do is get in touch with the 'claims agent', to whom you'll need to pay a 'processing fee' or a 'transfer charge'. These 'agents' are all criminals, who will just take your money and run.
We warned in November of a boom in phoney research calls. Boiler room operatives will call pretending to be university researchers looking into investor confidence. In fact, they are just trying to find out how best to exploit you: asking how much cash you have, your attitude to risk, and determining whether an appeal to greed would work.
Back in May we warned that you could receive a telephone call out of the blue from someone claiming to be from Microsoft. The scammers were using a variety of techniques to extract money from their victims. These included infecting computers with malware and charging to remove it, charging people a fortune for help they didn't want or need, or even just asking for their credit card details.
This is not a new type of scam. For years now different types of Trojan viruses have been embedded in various web pages and links. If you click on the page or link you're taken to malicious websites, which install a virus. The virus then quietly sits on your computer, stealing passwords and account details until it has enough details to empty your bank accounts.
This scam took two very popular forms this year. The first was a link sent in an email pretending to be from Facebook, and inviting you to click the link. When you did, it would install the virus and then send the link to your Facebook friends.
The other form was a page with a fake YouTube video in the background, which claimed to show Rita Ora's famous wardrobe malfunction. However, the site prompts you to enter your Facebook details, so you can see the video and 'personalise your experience'. The criminals then have access to your Facebook account.
As the jobs market continues to be tight, the job offer scam is still a real risk. Financial Fraud Action issued a warning about fake online job offers that could turn innocent job hunters into unwitting money launderers.
The jobs offered are called things like "payment processing agents" or "administration assistants". They involve the payment of the proceeds of crimes into your bank account. You then pay the cash into an overseas account, effectively hiding the money and laundering it for criminals. In return you receive a share of the money. This is a criminal act.
These reached a peak this year after One Direction collected their Brit award and announced a World Tour - and demand for the tickets exploded. The scammers set up fake sites offering tickets to sold-out gigs. Desperate fans trawling the net would stumble across them and take a risk. They handed over hundreds of pounds, the criminals took the money, shut the website, and ran.