No one is immune from email scams, but if you can recognize the hallmarks of malicious email, you can avoid becoming a victim. Do you know what to look for?
Just last week, I was asked to send an email to our company’s U.S.-based clients alerting them to a recently reported scam email. While our clients are regularly hit with spam emails, usually around buying our event registration lists, this one was a scam, and the first of its kind directed to our clients. Using a former employee’s name as the sender, it read that an invoice was overdue and instructed the recipient to click on a link. It had many of the telltale signs of a scam, but not all of the recipients recognized it as such. If employees at some of our country’s largest ports couldn’t detect a scam, this was a problem that demanded attention.
Email scams are nothing new but are still one of the top attack vectors when it comes to security breaches. In its “2018 Data Breach Investigations Report,” Verizon said email was the main entry point in 96 percent of cases involving human error that led to a security incident, and 49 percent of malware was installed via email. Email scams are easy to create, cheap to send and still quite effective, despite all of the security advice available to consumers.
What to Look for
When it comes to email security, there are no second chances. If you see any of the discrepancies listed here, forward the suspicious email to your IT department and delete it from your computer if the email was sent to your work account. Even if it was sent to your personal email account, you may still want to report it to IT because scammers are known to reach out to personal accounts in hopes of gaining access to the target’s work account. If you are not employed, delete it.
Start at the top of the email and look at the sender line. Most email programs will show a name and the sender’s email address in brackets next to it. Do they match? If not, you may be looking at a scam. In the case of the email described above, the name was a well-known former employee. (Scammers frequently impersonate a high-level executive to intimidate employees into complying with their request for financial data. This technique is called whaling.)
The scammer may or may not have known she had left the company, but her name and title as managing director were easy to pick up online and few people follow the leadership changes in companies they work with. However, the email address was completely different. In this case, it was a hospital in Malaysia. Report and delete. Do note that more sophisticated scammers can “spoof” the email address, so just because the sender and email match doesn’t mean the email is legitimate.
Next, take a look at the subject line. Does it involve finances or a threat of some kind? Scammers love to incite panic and fear in the hopes that you will abandon common sense and follow their instructions. In our case, the subject line referred to an overdue account: Invoice Payment Reminder [#1008154]. On its own this may not seem unusual, but the body of the email contained a link called “Review Awaiting Files.” There was no email or phone number in the signature. No legitimate company will send you a link and provide no contact information. If you are concerned about a payment or other financial issue, pick up the phone and call the accounting department. If an account is overdue, you’ll have an invoice with the information you need.
Instead of a malicious link, the scammer may include an attachment. This is a sneaky way to capture sensitive data. The attachment may contain keylogging software, which will record all of your keystrokes, including logins and passwords, and send a report to the attacker, who will then use the information to access your accounts. Unless you are absolutely sure of the sender, do not download any attachments.
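The checks above (sender name versus address, a money or threat cue in the subject, a link with no contact details, an attachment) can be applied mechanically to a message before a person ever opens it. The following script is an added example, not from the article; the sample message, the names and domains, and the KNOWN_SENDERS directory are all constructed placeholders.

```python
import re
from email import message_from_string, policy

# Constructed sample modelled on the scam the article describes (names and
# domains are placeholders, not values from the page).
SAMPLE = """\
From: "Jane Doe" <billing@hospital.example.my>
To: client@port.example
Subject: Invoice Payment Reminder [#1008154]
Content-Type: text/plain; charset=utf-8

Your account is overdue. Please open the link to review:
Review Awaiting Files: https://files.example.net/review

Jane Doe
Managing Director
"""

# Display name -> domain that person legitimately mails from (hypothetical directory).
KNOWN_SENDERS = {"jane doe": "ourcompany.example"}

URGENCY_CUES = ("invoice", "overdue", "payment", "suspended", "urgent", "final notice")


def triage(raw_message, known_senders=KNOWN_SENDERS):
    """Return the list of red flags the article tells readers to look for."""
    msg = message_from_string(raw_message, policy=policy.default)
    flags = []

    # 1. Sender line: does the display name match the address it arrives from?
    sender = msg["From"]
    if sender and sender.addresses:
        name = sender.addresses[0].display_name.strip().lower()
        domain = sender.addresses[0].domain.lower()
        expected = known_senders.get(name)
        if expected and domain != expected:
            flags.append(f"sender name/address mismatch: {name} via {domain}")
    # A match is not proof of legitimacy: the address itself can be spoofed.

    # 2. Subject line: money or a threat meant to rush the reader.
    subject = (msg["Subject"] or "").lower()
    if any(cue in subject for cue in URGENCY_CUES):
        flags.append("finance/urgency cue in subject")

    # 3. Body: a link but no phone number or email address to verify with.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    has_link = re.search(r"https?://\S+", text) is not None
    has_contact = re.search(r"\+?\d[\d .()-]{7,}\d|\b\S+@\S+\.\S+", text) is not None
    if has_link and not has_contact:
        flags.append("link with no contact information in signature")

    # 4. Attachments: treated as suspicious unless the sender is certain.
    if any(True for _ in msg.iter_attachments()):
        flags.append("attachment present")
    return flags
```

A message that trips any flag is a candidate for forwarding to IT rather than acting on; an empty list only means none of these particular cues were present.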