Monday, 12 September 2016

How to Spot and Deal with Fake/Scam Emails – 5 Tips to Keep Your Business Safe

Scam emails pose a big threat to businesses, regardless of their size.

They come in many forms – some want you to take action so the scammers can capture sensitive information while others attempt to extract money from your business by posing as somebody from within your organisation.

Whatever the case, you must know how to spot these emails so you can deal with them appropriately.

Below are 5 ways to spot scam emails and how you should deal with them.

1. Bad spelling and grammar (Bad speling nad gramer!)

One common giveaway of many scam emails is poor spelling and grammar. There are certain email scams, such as CEO fraud, where the scammer will be posing as a senior person within the organisation. If the email is littered with spelling and grammar mistakes then it's a big giveaway that it's not genuine. Scammers are getting better at avoiding this though...

So look out for overly formal language, which can be another indicator of a scam email. For example, if the email starts with something like 'Dear Sir/Madam' and comes from somebody you know well, then it should be disregarded. Check how they've addressed you and how they sign off. Notice anything unusual?

2. Subtle inaccuracies in email addresses

Another big giveaway of scam emails is small inaccuracies in email addresses.

When scammers are posing as somebody from within your organisation, they'll often use email addresses that are close to genuine people who work there. Often the differences between the email addresses are very subtle and can be easy to miss.

For example the scam email might be john.smith@yourcompany.co.uk while the genuine email is johnsmith@yourcompany.co.uk or vice versa.

3. Use of urgent language

Use of urgent language is a very common tactic used by scammers sending phishing emails.

By attempting to create a sense of panic or urgency in the recipient, they aim to prompt them into taking an action they wouldn't normally take, such as clicking on a malicious link or transferring a substantial amount of money. If it urges you to act quickly, then be on your guard and check other aspects or follow your internal protocols first.

4. Unrealistic threats are made

Often when scammers send out scam emails, they'll make unrealistic threats.

For example, if they're posing as the business's bank then they might threaten to close your account if you don't take the action they want. The email might even go as far as to threaten your job if you do not take action.

Genuine emails will not make such threats or create that same sense of fear. It's more likely a sign that it's dodgy and to be avoided.

5. The email contains suspect URLs

Emails that look genuine may contain malicious URLs that either redirect you to mock websites (designed to capture your information) or infect your computer with malware.

A good way to determine if a URL is genuine or not is to hover over the link without clicking on it. Most browsers will show the actual URL that the link is directing to. If it doesn't look genuine then don't click on it. This can often be seen with links that claim to be for your mobile provider or HMRC, where they actually go elsewhere or to hmrc.website.com, not the genuine Government website.
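The checks in tips 2 and 5 can also be run automatically over incoming mail. The Python below is an added example, not code from the original article: the address book, trusted-domain list, sample HTML and all function names are assumptions, and the lookalike check only covers punctuation differences such as john.smith versus johnsmith.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample data (assumptions): your real directory and domains go here.
KNOWN_SENDERS = {"johnsmith@yourcompany.co.uk"}
TRUSTED_DOMAINS = {"yourcompany.co.uk", "gov.uk"}
SAMPLE_HTML = ('<a href="https://hmrc.website.com/refund">HMRC tax refund</a> '
               '<a href="https://www.gov.uk/hmrc">GOV.UK</a>')

def normalise(addr):
    """Lower-case the address and strip punctuation from the local part."""
    local, _, domain = addr.lower().partition("@")
    return "".join(c for c in local if c.isalnum()) + "@" + domain

def lookalike_of(sender):
    """Return the genuine address that `sender` imitates, or None."""
    if sender.lower() in KNOWN_SENDERS:
        return None
    return next((k for k in KNOWN_SENDERS if normalise(k) == normalise(sender)), None)

def host_trusted(host):
    """True only for a trusted domain itself or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkAudit(HTMLParser):
    """Record (visible text, real destination host) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def suspect_links(html):
    """Links whose real host is not trusted, whatever the visible text says."""
    audit = LinkAudit()
    audit.feed(html)
    return [(text, host) for text, host in audit.links if not host_trusted(host)]
```

The host comparison matches whole domain labels, so hmrc.website.com is flagged even though it contains "hmrc", while www.gov.uk passes as a subdomain of a trusted domain.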

 

How to deal with scam emails

The best way to protect your business from the threat of scam emails is to train your employees well.

Training your staff to deal with scam emails is not that difficult and can usually be done in-house. Simply informing them of the common tactics used by scammers, including those listed above, will often be enough to help you seriously mitigate the risk that these emails pose.

You should be sure to train any staff that come into your business about the risk of scam emails and how to spot them too. It only takes one lapse in judgement by one employee to cost your business a lot of money.

Alternatively, you can employ a service to help test your staff with phishing-type emails (but which don't have a nasty sting in the tail!) to identify those most likely to click or respond. That can help you to direct further training and education to those that need it most.

 

If you'd like more advice on steps you can take to make your business more secure, including expanding your IT support services, then get in touch with Jon Towers and we'll be happy to advise you further.