Could You Spot These Scam Emails?
8th May 2018
76% of Organisations Reported Being a Victim of a Phishing Attack in 2017
source: wombatsecurity.com ‘2018 State of the Phish™’
As we’re sure you are aware, ‘phishing’ is when scammers pose as legitimate organisations via email. All they need to do is get you to click on something, and they can gain access to sensitive information or install malware on your computer.
Unfortunately, phishing is growing, because scammers are constantly finding new methods and tactics. It is part of our job to protect our clients from scam emails, and to remain vigilant in spotting new cybersecurity threats. This article will give you critical information about email scams, as well as top tips for identifying a suspicious email.
4 Types of Email Scams Your Company Needs to Look Out For
- Fake Invoices
This is the most common phishing tactic, according to Symantec’s 2017 Internet Security Threat Report. You’ll receive an email informing you that you have been charged for a particular product or service. You will then be informed that you can download the invoice with the total amount as an attachment. As the recipient will not be able to recall agreeing to the transaction, they are tricked into downloading the ‘invoice.’
- CEO Fraud
This is also referred to as a Business Email Compromise (BEC) scam. Many phishing scammers pose as companies, whereas this particular scam entails posing as a person. Employees of a company are emailed from a supposed ‘executive’, requesting them to confirm account credentials or authorise transfers of money. The London Police’s National Fraud Intelligence Bureau reported in 2016 that CEO fraud has cost UK businesses over £32 million.
- Deactivation Scares
People often make rash decisions when they are under pressure, and scam emails depend on this to work. A ‘deactivation scare’ email will threaten to disable your account, inactivity being a common excuse, unless you enter your username and password. Another standard ploy is to make it time-sensitive. This sense of urgency stops people thinking properly about what is being asked of them. Before they know it, they’ve given their personal information away.
- Unsolicited SEO Services
Some scam emails make use of threats, others promise the world with no catch at all. The standard SEO scam email gives you an extensive list of things that are supposedly wrong with your website, and tells you that your search engine rankings are plummeting as a result. They then promise a magical solution that requires nothing but clicking on a link. The real irony of this is that scammers most likely identified your website by consulting which ones rank well on Google.
What’s Wrong with This Email?
A scam email came to our attention recently. We realised that it was a scam email almost instantly, but we’re sure the same can’t be said for some of its other recipients. Cybercriminals are smart, and it’s concerning how many professionals fail to spot common signs of a scam email. Could you spot any of these?
- Non-Specific Terms of Address
This email isn’t addressed to the recipient personally. Not only that, but despite multiple references to ‘your website’, the URL is not mentioned once. That suggests that this email is being sent to multiple people at once. After all, when it comes to phishing it helps to cast the net wide.
- Inconsistencies in What the Sender is Telling You
Read these two lines and see if you can spot the inconsistency between the two:
Yahoo and Bing are not mentioned at the beginning of this email at all. This SEO company has suddenly gone from being Google-focused to promising complete search engine dominance! Scrutinising emails for these kinds of inconsistencies is a sure-fire way to fend off scammers.
- A Gmail or Yahoo Address That is Supposed to Belong to a Company
This is probably the biggest giveaway that this is a scam email, that and the use of Jenny Smith as an alias! Any company worth its salt will have “@companyname” as its email address. A scammer, on the other hand, will simply create a generic email address. This is a great example of how spotting a scam email can simply be down to something just not looking right.
3 Questions to Ask Yourself if You Suspect You’ve Received a Scam Email
Does it look professional?
As a business, we have high standards for outgoing communication. Scammers, on the other hand, have one purpose when sending out an email, and it isn’t passing a spell checker! On the other hand, some common scams, such as those Nigerian bank account emails, use broken English on purpose. Remember what the sender is claiming to be, and see if this matches up with what they’ve written.
Can you confirm whether it is legitimate without clicking on it?
If you suspect you’ve received an email from someone posing as a company, and it is prompting you to click on a link, hover over it. This will give you the chance to see if it will take you to their actual website or somewhere else. If you cannot completely confirm if it is coming from their legitimate website, do not click on it.
What happens when you do some research?
Victims of email scams will often post on forums or regulatory websites to warn others. These are also a great resource for companies who want to be proactive in their knowledge of cybersecurity threats. A quick Google search could be all it takes to stop you from getting scammed.
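Two of the checks above can be automated: whether a “company” writes from a Gmail or Yahoo address, and whether a link goes where its visible text says (the hover test). The following is an added example, not part of the original article; the free-mail list, the host names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com"}  # assumption: extend with the providers you see
DOMAIN = re.compile(r"(?:[\w-]+\.)+[a-z]{2,}", re.I)  # link text that looks like a host

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: where a link goes vs. what it shows."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lower-cased hostname of a URL or bare domain, without a leading 'www.'."""
    host = (urlparse(value if "://" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_email(raw):
    """Return the indicators found in a raw, single-part HTML message."""
    msg, findings = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in FREE_MAIL:
        findings.append(f"free-mail sender: @{domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = DOMAIN.search(text)
        s, h = host_of(shown.group()) if shown else "", host_of(href)
        if s and h != s and not h.endswith("." + s):
            findings.append(f"link mismatch: shows {s}, goes to {h}")
    return findings

# Constructed sample, not the email discussed in the article.
SAMPLE = """From: Jenny Smith <constructed.sample@gmail.com>
Content-Type: text/html

<p>Hello,</p><a href="http://audit.rank-fix.example/r?id=1">www.seo-experts.example/report</a>
"""
```

Calling `check_email(SAMPLE)` returns both indicators. A link whose text is just “click here” produces no finding, so the manual hover check is still needed for those.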
Hopefully reading this article makes you feel better equipped to watch out for scam emails. At Netmatters, our team can conduct a thorough cybersecurity audit so you can find out just how prepared you are in the event of a scam or cyber-attack. If you are interested in having a cutting-edge cybersecurity strategy tailored for your business, contact Netmatters today.