Spoofs, Scams, and Phishing: Modern Thieves in a Digital World
As the common criminal evolves with today’s rapidly progressing technology, smarter crime creates a need for smarter approaches to preventing it. While most modern systems will filter out the most basic attempts at scamming your organization’s users, on occasion there will be convincing messages that slip through these filters and challenge your organization’s familiarity with modern scams.
We’ve prepared a few tips to make sure that your users are familiar with the most common types of scams in the industry today:
1. Impersonation
Spoofing is a common tactic in which email scammers make an email or message look as if it has come from a legitimate source, either within your organization or from another company. This involves setting up an account name so that it shows as coming from a familiar user or company, such as PayPal or a social media site. These messages will often say that your account has been locked, or that you have made a payment you don’t recall making, and then have you click a link in the email that will take you to ‘sign in on the website where your account has been locked.’ These emails often redirect to websites designed to look like the official source, but which will actually steal your log-in information as you sign on.
This is what’s referred to as ‘phishing’: an individual tries to acquire account information via misleading webpages, or tries to lead you to webpages that will install malware or ransomware on your device.
2. “Spoofing”
More commonly, scammers are beginning to target businesses by creating accounts that look identical to those of a user in an organization, often replicating the email addresses of CEOs, COOs, and other important decision makers in the company. These fake accounts will then send messages to users asking for personal information; in some instances they even instruct users to use company credit and debit cards to buy gift cards for fake promotional reasons.
Is your CEO suddenly asking for a £500 Google gift card? Take a closer look at the email address the message comes from.
Opening the sender details should give you a better look at the email address behind the message, which will usually show odd variations on the real sender’s address: is there a 0 where there should be an o? Is that lowercase L actually a 1? Sometimes the display name will show a familiar user, but the address itself will turn out to be a completely unrelated email.
Always be wary of providing too much information in return, or of engaging with suspicious requests. If in doubt, double-check with an actual phone call or by forwarding the message directly to the address you know the person uses.
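The sender checks described above can also be automated. The following is an added example, not part of the original post: it flags a From: header whose domain only matches yours after undoing the 0-for-o and 1-for-L swaps, or whose display name is an executive's while the address is not theirs. The domain, names, addresses and the check_sender function are all constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example (constructed values, not from the article):
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real address

# The character swaps the article mentions: 0 for o, 1 for lowercase L.
LOOKALIKES = str.maketrans({"0": "o", "1": "l"})


def skeleton(text):
    """Lower-case the text and undo the lookalike swaps so variants compare equal."""
    return text.lower().translate(LOOKALIKES)


def check_sender(from_header):
    """Return a list of warning flags for a raw From: header value."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    flags = []

    # Check 1: the domain is not ours, but becomes ours once swaps are undone.
    if domain != TRUSTED_DOMAIN and skeleton(domain) == skeleton(TRUSTED_DOMAIN):
        flags.append("lookalike-domain")

    # Check 2: a familiar display name sitting in front of a different address.
    expected = EXECUTIVES.get(" ".join(display.lower().split()))
    if expected and address != expected:
        flags.append("executive-name-wrong-address")

    return flags


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Jane Doe <jane.doe@example.com>",
        "Jane Doe <jane.doe@examp1e.com>",
        "Jane Doe <mailbox-7731@mail.invalid>",
        "IT Helpdesk <helpdesk@examp1e.c0m>",
    ):
        print(header, "->", check_sender(header) or "ok")
```

A header that raises either flag is a candidate for the phone-call verification described above rather than proof of fraud.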
3. Artificial Blackmail
You receive an email from a mysterious source that claims that the sender cannot be traced, but that they’ve hacked all of your accounts / your website / your social media. They demand an exorbitant fee in Bitcoin or another cryptocurrency, often threatening you with claims that they’ve recorded you through your webcam committing illicit actions, or that they have some other embarrassing secrets to leak to your workplace or friends and family (all contacts they have gained, of course, by hacking your account).
Except they haven’t.
In an age where a skilled hacker is enough to make people quake in their boots, just the threat that a person or a company has been compromised is enough to inspire feelings of vulnerability and doubt over the security of your personal information. These mysterious blackmailers have not gained access to your accounts; they’ve only gotten your email address off a mailing list somewhere and added you to a blind copy threatening hundreds of others with the same blackmail material.
You can delete them as you would any spam.
How to prevent these misleading emails?
While there is no spam filter in the world that can catch these human criminals with 100% accuracy, most of these messages should be sent to your junk mail automatically. For anything that does slip through, you can make sure that your organization or IT company has implemented an ‘External Email’ warning message.
This warning message will display on every email that your organization receives from an external source, and usually looks like the following:
Human error is a persistent factor in falling for most of these scams, but tools like this raise an additional red flag that something isn’t quite right with a message your users may have received.
If your organization does not already provide tools like this, or you’re looking for more comprehensive security coverage and other methods to combat these cyberattacks or worse, then contact our experienced Sales team here at 10-100 Consultancy Ltd.