In the modern age it’s not just the security of paper documentation you need to worry about. Information thieves are increasingly turning to social engineering scams to trick people into giving up personal information or money. With online fraud and phishing scams becoming more prevalent, it’s important to train your employees and yourself to recognise the signs and avoid being caught out.
What Is Email Fraud?
Email fraud is the intentional deception of an individual for personal gain or to cause damage, done through email. Almost as soon as email became widely used, it was deployed to defraud people. Most of us have learnt to ignore and delete messages that are obviously scams (like those from the prince of Nigeria asking you to send thousands of pounds so that he can get out of the country and pay you millions in return), but that only means that the scammers have started to get smarter. Now elaborate social engineering scams committed using multiple channels are being used to trick people out of their money, into giving away personal information or into installing malicious software onto their computers. These can occur in the form of text messages or phone calls, but the most common form is emails.
According to a 2015 report from Verizon, phishing attacks have been a factor in more than two thirds of cyber-espionage incidents against businesses in the past 3 years. The study showed that more than 23% of recipients are still opening scam emails, while 11% open attachments from them, allowing malware to be installed and giving the scammers access to their machine. Anti-virus software and firewalls can help reduce the risk of infection, but the biggest cause of infection continues to be human error in opening these emails. In order to prevent your business being attacked, it’s important to be able to recognise the red flags for fraudulent emails.
Email Fraud Red Flags
Unknown Sender: Receiving an email from an unknown sender is always a big red flag, but many people assume that it may be a potential customer trying to get through. Always be wary of emails from unknown senders, or those you don’t know that well. Bear in mind that clever cyber criminals are now using social media websites to launch more convincing attacks. For example, they will create a fake LinkedIn or Twitter profile in order to target a specific company, and interact before they send the suspicious email.
Suspect Subjects: Look carefully at the subject line of the email before you do anything. Is it relevant to what you do, or what you would expect your prospects to send? Does it match the content of the email? If the email references a request that wasn’t actually made by the recipient of the email, proceed with caution.
Other Recipients: If you suddenly find yourself being copied in on an email trail with a lot of other recipients you don’t know, you should treat this as a major red flag. Look over all of the recipient email addresses, and if you recognise none, don’t do anything. If you see one you recognise, get in touch with that person by some other method and ask them if the email trail is genuine.
Content Problems: Spelling mistakes, unusual phrases, bad grammar, provocative content or content that simply makes no sense are all signs of a scam email. Emails with these types of mistakes that ask you to open attachments, reply to emails or install security software are often trying to get you to install malware and viruses.
Attachments: Often scam emails will tell you to open an attachment, perhaps in an unusual way. If the email you received looks suspicious in any way, don’t open the attachment. Consider whether the attachment you are receiving was expected, or if the sender would normally send this type of email.
Hyperlinks: Instead of attaching malware, some scam emails will direct you to click on a link. This link will take you to a malware-infested site that may still seem genuine. If you do not know the sender or aren’t expecting anything, do not click on any links.
Verification Of Information: Because scam emailers know what you expect to be spam, they will start to try and get you to open emails in other ways. They may set up fake email addresses and pose as your bank, telling you there might be a breach on your account. The email will tell you to click a link and then verify your information. A genuine bank will never ask you to do this, and if you receive an email like this from any source you should contact the company directly to check whether it is genuine.
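For teams that want to automate a first pass over reported messages, the red flags above can be turned into a simple triage check. The following is an added example, not part of the original article; the address book, phrase list, recipient threshold, function name and sample message are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Assumptions for this example: a constructed address book, phrase list,
# recipient threshold and sample message. None of them come from the article.
KNOWN_CONTACTS = {"alice@example.com", "bob@example.com"}
VERIFY_PHRASES = ("verify your", "confirm your", "update your details")
MAX_STRANGERS = 3

SAMPLE = """\
From: "Your Bank" <security@bank-alerts.example.net>
To: you@example.com, x1@example.org, x2@example.org, x3@example.org
Subject: Urgent: possible breach on your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

There may be a breach on your account. Click http://login.example.net/verify
and verify your information.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.zip"

constructed placeholder, not a real archive
--b1--
"""

def red_flags(raw, known=KNOWN_CONTACTS, me="you@example.com"):
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender = getaddresses([msg.get("From", "")])[0][1].lower()
    if sender not in known:
        flags.append("unknown sender")
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    strangers = {a.lower() for _, a in getaddresses(headers)} - known - {me}
    if len(strangers) >= MAX_STRANGERS:
        flags.append("other recipients")
    if list(msg.iter_attachments()):  # non-body parts of the message
        flags.append("attachment")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if re.search(r"https?://", text, re.I):
        flags.append("hyperlink")
    if any(p in text.lower() for p in VERIFY_PHRASES):
        flags.append("verification request")
    return flags
```

A check like this only prioritises messages for a person to review; a message that raises no flags is not proven safe.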
Protecting our confidential information can sometimes feel like battling upstream, but it’s important to always be guarded. Never give out your personal information to anyone you don’t know, especially over an email or the phone. Instead try and find out what the red flags are for scammers and be aware of them. If you have any questions about email security or keeping your confidential information safe, get in touch with us for a free consultation.