Early on, email scams were simple. You may receive an email saying something to the effect of “your long, lost rich uncle who lived in another country passed away and you needed to send your bank information to receive an inheritance.” The emails contained numerous spelling and grammar mistakes and the email composer didn’t speak English fluently, so they were easy to identify. Nowadays, the scammers are becoming much more convincing in their email attacks. Their grammar has improved, the emails are compelling and seem very legitimate. Email scams today are typically asking users to perform a specific action:
- clicking a link,
- opening an attachment,
- or sending information.
Email scammers also employ scare tactics. Some examples of these are:
- “We’ve hacked your account.”
- “We have compromising photos or information about you and you need to send us money or we are going to share that with your friends on Facebook/social media and at your workplace.”
This can be especially scary because scammers may even share some personal information about you in that email to make it even more convincing. It’s likely something they’ve already gathered on social media about you to increase the likelihood of you opening that email.
They might also “spoof” the email address that the email is coming from. Email spoofing means they make the email look like it’s coming from someone you know: a friend, relative or coworker, even a company you regularly interact with. This is very easy for scammers to do and it makes it seem even more convincing.
We’ve even seen emails that have come into BTS that appear to be from a trusted source and/or vendor. Scammers will take advantage of well-known companies or companies that many of us rely on, as they create their tactics and phony emails.
American Express is a popular credit card company that is often used in email scams. Here’s one scam scenario:
You receive an email that looks like it’s from American Express. It states that a charge has posted to your credit card account, but you don’t recognize the transaction details stated. Right away, you are worried that someone has compromised your credit card account, so you click the link in the email. This link takes you to a website that looks legit, so you enter your username and password to log in. Now, the scammers have your account login information for American Express and they will use this to gain access to your account.
Risks of Clicking or Opening Attachments
In addition to unknowingly passing along personal information, there are additional risks associated with clicking links or opening attachments in a scam email. You may be unknowingly installing malicious software or a virus on your computer, allowing the scammer to take control of your computer, access your documents, passwords, or sensitive information. They may even take advantage of this breach to launch another malicious attack from your computer! This happens more often than you may think.
Know How to Spot Bogus Emails
There are numerous ways to spot bogus emails. The very first line of defense is to ask yourself – “Is this an email that I’m expecting? Do I know this person? Does what the email state make sense? Does the timestamp on the email match when that person would normally send an email? (i.e., is your coworker usually sending emails at 1am?)”
The next question to ask yourself is, “Does the email want me to perform a certain action?” Is it asking you to click a link, open an attachment, enter information, or send information? If so, those are all red flags.
How to Check Links WITHOUT CLICKING
There’s an easy way to check a link within an email. Using a mouse pointer, carefully HOVER (DO NOT CLICK) over the link and the link address will appear. This allows you to see where the link is pointing without clicking and jeopardizing security.
The Risk of Email Attachments
Email attachments are very risky to open. For example, a user may receive a Word document as an attachment. When it’s opened, a bar across the top appears with a button that says ENABLE CONTENT. Clicking to enable that content will likely run a “MACRO”, or a computer program, that could install malware or a virus. Users really need to be suspicious of any email attachment.
Verify Attachments by Phone or Don’t Risk Opening
If you receive an email that has an attachment and you are not expecting it, contact the sender BY PHONE to verify its legitimacy. Do not reply to the email, since you’ll be replying to the scammer. If you don’t know the person who sent it, delete it and make sure to empty your trash bin.
Opening infected attachments could put your entire network at risk, not just your computer. If your computer becomes infected, or is the victim of ransomware, it could quickly spread throughout your entire computer network and cause permanent, costly damage to your company.
New scams come out every day. It’s hard to keep up.
Scammers are constantly evolving. Once end-users figure out a certain tactic, scammers change it to something new. It can be hard to keep up. However, there are things you can do to project yourself and your business.
One of the most important ways to protect your business against email scams is to train your employees. Security Awareness Training trains end-users how to spot malicious emails and how to handle them if received. Using short videos the Security Awareness Training will teach users what to look out for. Then, fake phishing emails are sent at a later date, to see who still falls for the scam.
Any employee who falls for the scam, will receive additional training, explaining the signs they missed and how to better protect themselves next time. It’s a safe way to train so that when the real scam comes in, your employees recognize it, know what to do and your business is protected.
Take a Layered Approach to Protection
Desktop anti-virus isn’t enough anymore. Businesses today need to take a layered approach. This begins with Email Spam Filtering from a reputable mail service. Email Spam filtering will filter out many email viruses, emails containing malware, even some phishing emails. Next, it’s important to have a quality desktop anti-virus present that is kept up to date regularly.
Even with this layered approach to protect against malicious emails, some will still get through. That’s why it’s vital to train end-users how to spot bogus emails and what to do if one is received.