You've got mail - email scams increasingly difficult to detect

We have all received a mass email at some point saying "Congratulations! You have won...". Most of us have also learned by now not to follow the link or download a file from an unknown sender writing in broken Swedish. However, the modus operandi of these scam emails has been refined over the years, and today a record number of attacks are being carried out to steal your email identity. In the second half of 2017, security firm Trend Micro's security tools detected more than twice as many CEO email scams as in the previous six months. So how can an email scam happen, and what are the warning signs?

Methods and motives for email fraud

Email fraud can happen in a number of ways, but two approaches dominate. Either the scammer makes it look as if the email was sent from you without having access to your account at all (no hacking of the account is involved), or the scammer takes over your email account and sends messages using your account details, which is considerably harder to detect.

The fraudster usually has one of two motives: financial, where the aim is to trick the recipient into making payments, or using your account as a stepping stone to steal other people's identities or data.

How an email scam can happen

A possible scenario for an email scam could look something like this:

The fraudster identifies a number of key people in the company - one of whom is usually responsible for the finances. A well-worded email is sent to the financial manager asking him or her to make a quick payment. The sender is, at least ostensibly, someone with the authority to make such decisions - such as the CEO. If it is a well thought-out scam, the fraudster can conduct entire email conversations with the recipient without them noticing. This is because the fraudster has read up on the various individuals in the company by studying previous conversations and thus knows how they express themselves in emails. The unsuspecting financial manager makes the payment and the money is gone.

Risk factors for email fraud

The basic problem is often a lack of internal procedures to prevent rapid, large payments being made on the strength of an email conversation alone. The approaches have also become so sophisticated that the scam is often hard to see through. Combined with inadequate account protection and a lack of technology that identifies suspicious activity, the vulnerabilities grow and the risk of your email account being hijacked increases.

You often put yourself at risk when you register somewhere online, whether on social media or any other online service, using your work email and the same password you use at work. From time to time such sites leak their users' account details, which are then spread on the dark web; the affected users have been "pwned", internet slang for owned. Email scammers can obtain that data and use it to gain access to your account.
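The leaked-credential problem described above has a defensive counterpart: checking whether a password already appears in a breach corpus, without ever disclosing the password to the service doing the check. The following is an added example, not code from the article or from WeSafe. It implements the hashed-prefix ("k-anonymity") pattern in miniature: only the first five hex characters of the SHA-1 hash leave the client, the lookup returns every suffix under that prefix, and the match is made locally. The breach corpus, the service names and the passwords are all constructed for the example; a real service would answer the same `range_lookup` query over HTTPS.

```python
"""Password-leak and password-reuse check using a hashed-prefix lookup.
Added example for this article (not WeSafe's code). LEAKED is a constructed
stand-in for a breach corpus: SHA-1 hash -> number of times seen in leaks."""
import hashlib

# Constructed corpus of leaked passwords (stored hashed, as a real service would).
LEAKED = {
    hashlib.sha1(pw.encode("utf-8")).hexdigest().upper(): count
    for pw, count in {"password123": 1_000_000, "summer2018": 4200, "Welcome1!": 900}.items()
}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password; the form the corpus is keyed by."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> dict:
    """Server side of the protocol: given a 5-char hash prefix, return every
    matching suffix (characters 5..40) with its leak count. The server never
    learns which suffix the client was interested in."""
    assert len(prefix) == 5, "the protocol sends exactly five hex characters"
    return {h[5:]: n for h, n in LEAKED.items() if h.startswith(prefix)}


def times_leaked(password: str, lookup=range_lookup) -> int:
    """Client side: hash locally, send only the prefix, compare suffixes at home."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return lookup(prefix).get(suffix, 0)


def audit_accounts(accounts: dict) -> dict:
    """accounts maps service name -> password (constructed input). For each service,
    report how often that password has leaked and which other services reuse it,
    which is exactly the work-password-on-a-forum pattern the article warns about."""
    report = {}
    for service, pw in accounts.items():
        reused_on = sorted(s for s, p in accounts.items() if p == pw and s != service)
        report[service] = {"leaked": times_leaked(pw), "reused_on": reused_on}
    return report


if __name__ == "__main__":
    # Constructed set of accounts: the work password has been reused on a forum.
    sample = {"work": "summer2018", "forum": "summer2018", "bank": "x9!Lq-7uWz"}
    for service, result in audit_accounts(sample).items():
        print(service, result)
```

The point of the design is that `times_leaked` never hands the password, or even its full hash, to `range_lookup`; swapping the local `LEAKED` dict for a network call changes nothing on the client side.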

The scammer can then also send your contacts an email with a file that appears to be something you want to share. The file is "locked", and the contact is asked to log in, for example with their Google account, to open it. In this way a single hijacked account can lead to thousands more accounts being compromised.

The consequences of an email scam

So if a fraudster gains access to your email account, you risk losing large sums of money, or having your business secrets exposed. Recently, with the introduction of the new General Data Protection Regulation (GDPR), the consequences of your contacts' details being leaked have become more serious: such a breach must always be reported to the Data Protection Authority, and failing to do so risks large fines and, not least, your reputation. If your email is hijacked, you also put your customers at risk, because the fraudster can pose as you and trick them into sending payments intended for your company to the fraudster's own account.

Although email scams are becoming increasingly difficult to detect, there are warning signs that indicate potential hijacking attempts. Below are three of them, as well as rules of thumb on how to think and act.

  • If the email scam is of a less sophisticated nature, you will often receive some kind of offer. The rule of thumb is: if it seems too good to be true, it probably is.
  • Be careful with requests for urgent payments, regardless of who the sender appears to be. Make sure the request is genuine by always confirming it in a direct conversation with the person who is supposedly asking for the payment.
  • If you receive an email asking you to follow a link or open a file, or if the content is written in noticeably sloppy Swedish, do not comply, and use common sense.
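The three warning signs above, together with the "looks like it came from the CEO" technique described earlier, can be turned into a simple triage rule of the kind a mail gateway or a help desk script would run. The following is an added example written for this article, not WeSafe's tooling. It parses one inbound message and flags: a From display name that matches an internal executive while the address is not theirs, a Reply-To that silently redirects replies elsewhere, urgent payment wording, links and attachments. The company domain `example.se`, the executive directory and both sample messages are constructed for the example.

```python
"""Heuristic triage of one inbound email for CEO-fraud warning signs.
Added example for this article (not WeSafe's code). The domain, the
executive directory and the two sample messages are constructed."""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
import re

INTERNAL_DOMAIN = "example.se"  # assumed: the organisation's own mail domain
# Assumed directory of the people most likely to be impersonated: display name -> address.
EXECUTIVES = {"anna lindqvist": "anna.lindqvist@example.se"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|today|asap|right away|quick(ly)?)\b", re.I)
PAYMENT = re.compile(r"\b(payment|invoice|transfer|wire|bank account|iban)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)


def triage(raw: bytes) -> dict:
    """Return whether the sender is external, a list of findings and a simple score."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    sender_domain = addr.rsplit("@", 1)[-1]

    # 1. Display-name impersonation: a known executive's name, but not their address.
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr != expected:
        findings.append(f"display name '{name}' matches an executive but address is {addr}")

    # 2. Replies redirected away from the visible sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"Reply-To {reply_to} differs from From {addr}")

    # 3. Content cues from the article's list: urgent payment, links, attachments.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    if URGENCY.search(text) and PAYMENT.search(text):
        findings.append("urgent payment request in the text")
    if LINK.search(text):
        findings.append("asks the reader to follow a link")
    if any(part.get_filename() for part in msg.iter_attachments()):
        findings.append("carries an attachment")

    return {
        "external_sender": sender_domain != INTERNAL_DOMAIN,
        "findings": findings,
        "score": len(findings),
    }


# Constructed sample: a CEO-fraud style message sent from a look-alike domain.
SCAM = b"""From: Anna Lindqvist <anna.lindqvist@example-mail.com>
Reply-To: ceo.office@example-mail.com
To: finance@example.se
Subject: Quick favour
Content-Type: text/plain; charset=utf-8

Hi, I need you to make an urgent payment today to a new supplier.
The invoice is at https://files.example-mail.com/inv/4711
I am in meetings all day, so please handle this by email only.
"""

# Constructed sample: a routine internal message that should score zero.
ROUTINE = b"""From: Anna Lindqvist <anna.lindqvist@example.se>
To: finance@example.se
Subject: Board pack
Content-Type: text/plain; charset=utf-8

Could you send me the Q3 summary when you have a moment? No rush.
"""

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("routine", ROUTINE)):
        print(label, triage(raw))
```

A score on its own should route the message to a person, not block it: the second rule of thumb above (confirm the payment in a direct conversation) is the control that actually stops the loss, and the script only decides which messages deserve that call.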

Want to know more about how WeSafe can help you protect your business from email fraud? Contact us and we'll tell you more!


Written by:

Marcus Juvin

Head of Infrastructure & Security

marcus.juvin@upheads.se