Sharing Our Expertise July 2021
Email provides us a convenient and powerful communications tool. It’s impossible, in fact, to imagine how the world ever functioned without it.
Unfortunately, email also provides scammers and other malicious individuals an easy means for luring potential victims. The scams they attempt run from old-fashioned bait-and-switch operations to highly sophisticated phishing schemes using a combination of email and bogus web sites to trick unsuspecting victims into divulging sensitive information.
Protecting yourself and your employees from these scams begins with an in-depth understanding of a) what they are, b) what they look like, and c) what you can do to avoid them.
What They Are. Unsolicited commercial email, or “spam,” is the starting point for many email scams. Before the advent of email, a scammer had to contact each potential victim individually by post, fax, telephone, or through direct personal contact.
Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. Scammers only need to fool a small percentage of the tens of thousands of people they email for their ruse to pay off.
What They Look Like. There are many email-based scams likely to land in your inbox. Here are some of the most prevalent:
- Old-Fashioned Fraud Schemes – Many email scams have existed for a long time. In fact, a good many of them are merely ‘recycled’ scams that predate the use of email. The most common are: bogus business opportunities, chain letters, work-at-home schemes, health and diet scams, easy money, ‘free’ goods, investment opportunities, and ‘guaranteed’ loans or credit.
- Phishing (Social Engineering) Email – Phishing is a strategy for obtaining information people wouldn’t normally divulge, or prompting an action people normally wouldn’t perform, by preying on their natural curiosity and/or willingness to trust.
Phishing emails are crafted to look as if they’ve been sent from a legitimate organization. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information.
The perpetrators of phishing scams carefully craft the bogus web site to look like the real thing. For instance, an email can be crafted to look like it is from a major bank. It might have an alarming subject line, such as “Problem with Your Account.” The body of the message will claim there is a problem with your bank account and that to validate your account, you must click a link included in the email and complete an online form. The form asks for information like your account number, address, online banking username and password – all the information an attacker needs to steal your identity and raid your bank account.
Phishing emails have also been disguised in other ways: fake communications from online payment and auction services or from internet service providers, fake accusations of violating the Patriot Act, and fake communications from an IT department, to name a few.
- Trojan Horse Email – Trojan horse emails have come in a variety of packages over the years. One of the most notorious was the “Love Bug” virus, attached to an email with the subject line “I Love You”. Others include emails posing as virtual postcards, emails masquerading as security bulletins from software vendors that ask recipients to apply attached ‘patches’, emails with the subject line “funny” encouraging the recipient to view the attached “joke”, and emails claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge.
What You Can Do To Avoid Them. The following recommendations can minimize your chances of falling victim to an email scam:
- Filter Spam – Because most email scams begin with unsolicited commercial email, you should take measures to prevent spam from getting into your mailbox. Most email applications and web mail services include spam-filtering features, or ways in which you can configure your email applications to filter spam.
- Don’t Trust Unsolicited Email with Attachments and Links – Never trust any email sent to you by an unknown individual or organization. Never open an attachment to unsolicited email or click on a link sent to you in an email. Cleverly crafted links can take you to forged web sites set up to trick you into divulging private information or downloading viruses, spyware and other malicious software. Even email sent from a familiar address may create problems. Many viruses spread themselves by scanning the victim computer for email addresses and sending themselves to these addresses in the guise of an email from the owner of the infected computer.
- Install Antivirus Software and Keep It Up-To-Date – If possible, you should install an antivirus program that has an automatic update feature. This will help ensure you always have the most up-to-date protection possible against viruses. In addition, make sure the antivirus software you choose includes an email scanning feature. This will help keep your computer free of email-borne viruses.
- Install a Personal Firewall and Keep It Up-To-Date – A firewall will help protect you should you inadvertently open a virus-bearing attachment or otherwise introduce malware to your computer by following the instructions in the email. The firewall will also help prevent outbound traffic from your computer to the attacker. When your personal firewall detects suspicious outbound communications from your computer, it could be a sign you have inadvertently installed malicious programs on your computer.
- Configure Your Email Client to Make You Less Susceptible to Scams – There are several ways to do this. For one, configuring your email program to view email as “text only” will help protect you from scams that misuse HTML in email, such as links whose visible text differs from the address they actually open.
- Common Sense – Last, but not least, you should always have your antennae up. When an email arrives in your mailbox promising you big money for little effort or inviting you to join a plot to grab unclaimed funds, it is likely bogus.
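As an added illustration of the recommendations above (this script is not part of the original article), the following Python code parses a constructed message and flags three of the warning signs described on this page: an alarming subject line, a link whose visible address differs from its real destination, and an executable attachment posing as a ‘patch’. The sample message, domains, phrase list and extension list are all assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse
# Constructed sample (not a real message) shaped like the bank-alert scam above: alarming
# subject, a link whose text names the bank but whose href goes elsewhere, and an "exe patch".
SAMPLE_EML = """\
Subject: Problem with Your Account
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html

<p>To validate your account, visit <a href="http://examplebank.example.attacker.example/form">https://www.examplebank.example/secure</a> today.</p>
--B1
Content-Type: application/octet-stream; name="security_patch.exe"
Content-Disposition: attachment; filename="security_patch.exe"

TVo=
--B1--
"""

ALARM_PHRASES = ("problem with your account", "validate your account", "suspended")  # assumed list
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")  # assumed list
ANCHOR_RE = re.compile(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def link_mismatches(html):
    """(real_host, shown_host) pairs where the link text is itself a URL whose host differs from the href's."""
    pairs = []
    for href, text in ANCHOR_RE.findall(html):
        shown = text.strip()
        if shown.lower().startswith(("http://", "https://")):
            real, visible = urlparse(href).hostname, urlparse(shown).hostname
            if real != visible:
                pairs.append((real, visible))
    return pairs

def phishing_indicators(raw_eml):
    """Return the names of the indicators found in one RFC 822 message string."""
    msg = message_from_string(raw_eml)
    hits = []
    if any(p in (msg["Subject"] or "").lower() for p in ALARM_PHRASES):
        hits.append("alarming subject")
    for part in msg.walk():  # walk every MIME part, including nested ones
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            hits.append("executable attachment: " + name)
        elif part.get_content_type() == "text/html":
            for real, shown in link_mismatches(part.get_payload(decode=True).decode("utf-8", "replace")):
                hits.append(f"link shows {shown} but goes to {real}")
    return hits
```

Running `phishing_indicators(SAMPLE_EML)` reports all three indicators for the sample; a plain-text message with an ordinary subject and no attachment yields an empty list.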
Today’s Digital Age is ushering in a breed of cyber-attacker with unprecedented focus on exploiting the vulnerabilities of the human psyche to compromise individual end-users.
While the IT world will always pursue newer, more robust approaches to cybersecurity that enable us to better defend ourselves, the best defense against any present or future email scam remains you and your employees.
To that end, effective security awareness and resilience training that empowers employees to recognize and report attacks can achieve measurable reductions in susceptibility to phishing attempts, and is strongly encouraged.
To learn more, or to schedule security training for your business, please contact Todd Gooden at firstname.lastname@example.org