Let me start by saying that over 90% of all security attacks begin with an email! It makes sense because everyone has an email account and cybercriminals know that too. Your email is probably one of the most critical assets that you have.
Think about this… your email is the intersection where your work and person interest all coincide. It’s the hackers’ dream.
What do you think is the value of a hacked email mailbox account? How much is an email account worth?
If your email account was held for ransom, how much would you pay to get it back?
Chances are you will have the following information in your email mailbox:
• Financial account details discussions with your banks.
• Personal information such as where you live, your home address, your birthday, employment details and photos.
• Other sensitive information such as calendar details of places that you frequent often
• Password details of various online applications that you use.
• Frequent communication with family, friends and other people could also be used as a “pawn” to be socially engineered.
For a hacker, a hacked email account is a prized asset as can be seen by the following picture (courtesy of Brian Krebs).
Are you “crack–able”? Funny question.
The art of trickery is to get you to do something against your better judgment and is often referred to as “Phishing”.
“Phishing” is a form of social engineering to trick you into sharing your sensitive information such as usernames, passwords, credit card details, and other personal detail or even asking you to open an attachment or click on an Internet link.
Such emails often are posed as a legitimate business or trusted contact – Users are often lured by emails purporting to be from trusted parties such as social websites, banks, Government, the police, reputable vendors such as Microsoft, Apple, eBay or even IT administrators.
Clicking on “phishing email” will remain for some time to come, the “highest risk behaviour”.
The battle against phishing has always been one of the most treacherous ones facing businesses, and in 2021 and beyond, phishing emails will become even more opportunistic, targeted and sophisticated.
Have a look at the following email example. Can you spot the phishing signs?
Did you find the signs that suggest this email may be dubious? Well, here they are:
What about this one?
What’s funny is that this email passed my email security filtering system. So, don’t get too comfortable and assume that you have the right cybersecurity tools in place that you are entirely covered.
What about this one? Can you spot the signs?
By the way, Woolworth is a well know Australian retailer.
Here are the top emails scams to watch out for 2021 and beyond. Be aware, this list is an overview of the more common scams but doesn’t cover every email con that you might encounter.
1. Nigerian Email Scams – The Nigerian email scam is a classic con. You’ll receive an email from an alleged member of a wealthy family. They desperately need help getting an enormous sum of money out of the country. All you need to do is cover the ongoing legal expenses and other fees paid to the authorities to release the fictional fortune. Once you’ve freed up the money for them, they promise to give you a cut.
2. Credit Card Email Scams – There are many types of credit card email scams. If you get an email or mail offer for a pre-approved loan or credit card that charges an upfront fee, beware. Reputable credit card companies may charge an annual fee, but it’s never upfront. Scammers might also offer lower rates or higher credit limits, which can tempt people who have trouble qualifying for accounts.
Scammers might also email you purporting to be from your credit card company. They’ll offer a better interest rate, say they’re sending you a new card, or direct you to verify your personal information.
3. Employment Email Scams – They can come in many guises. So, here is an example. You posted your resume on a legitimate employment site, including some personal data. You receive an emailed job offer to become a financial representative of an overseas company you never heard of before. The company says it wants to hire you because it has problems accepting money from U.S. customers, and it needs you to handle those payments. You’ll get a commission per transaction. But, they need you to give them some personal data, such as your bank account information, to pay you.
Instead, you wind up with a stolen identity, an empty bank account, and fake checks and money orders. Variations on this scheme include charges for training and expensive equipment. The company might also “accidentally” overpay you by check and ask for a reimbursement.
4. Disaster & Relief Email Scams – What to do when disasters strike, and you want to help those that have lost everything. In times like these, good people pull together to help the survivors, often using online donation portals and email requests. Unfortunately, scammers are doing the same thing, setting up fake charity websites to steal money intended for victims, and spreading the word via email and social media.
If you receive a donation request in your email, there’s a chance it’s a phishing attempt. Another sign a charity email is fake is asking for donations in cash, gift cards, or money transfers.
5. Travel Email Scams – Travel-related scams are most active during the summer months. You receive an email with an offer to get amazingly low fares to some exotic destination, but you must book it immediately, or the offer expires.
If you call, you’ll find out the travel is free, but the hotel rates are overpriced. Some offer you rock-bottom prices but hide high fees until you sign on the dotted line. Others make you sit through a timeshare pitch at the destination. Many will take your money and deliver nothing. Getting a refund, should you decide to cancel, is usually impossible.
6. Survey Email Scams – Someone sends you a survey about an issue you’re passionate about, such as global warming or gun control. But you never specifically requested to partake in a survey or join the survey’s mailing list.
That email is likely spam. When you click the link to take the survey, malicious software such as spyware or malware is installed on your PC, leaving your personal information vulnerable to hackers.
Other survey scams ask you to pay money upfront before compensating you for your input. But the money they offer is less than what you paid (or they just take your cash and run).
7. COVID Vaccine Email Scams – As the COVID-19 vaccine rolls out, the bad actors are already on the prowl, looking to rip you off or infect your computerwith malware.
For example, scammers send emails with the subject line saying – “URGENT INFORMATION LETTER: COVID 19 NEW APPROVED VACCINES.” Or they could be emails saying you can buy the COVID-19 vaccine!
These emails look like they are coming from legitimate sites doctors or even Governments agencies, but the whole process is to try and trick you intodownloading a so-called vaccine schedule document.
However, when you download that document, that document is the infection. That’s going to be the virus to which they can then either target you for a ransomware attack or infect your system with other malware.
You know the saying: If the offer is too good to be true, it is often is. Then you are the product!
What can you do prevent these attacks from harming you?
Email scams tend to be well-crafted. You will need to be vigilant. Pay attention to the email.
• Do you know the sender?
• Do you know the vendor?
• Does the logo look consistent?
• Is the domain name consistent with the brand name?• Are there any spelling or grammar mistakes?
• Does it look exactly like a previous email that you have received?
• Are any of the links not consistent with the brand?
If you still believe that the email may be real, verify the authenticity, but find another way. Do not respond to the recipient!
For example, contact the sender directly with a known phone number that you already have. Don’t use any information that is on the email.
Protecting your business from email scams is about being vigilant and staying vigilant to all any email your received.
Use this rule to any email that you receive.
Do not click on links, open an attachment or even respond to an email that you did not ask for it in the first place.
תגובות