Email fraud – 5 tips to help you spot it

Security_April18_B

Business owners and managers have many concerns they must address on a regular basis, or at least be aware of. Some of security concerns revolve around fraud, more specifically email fraud. While this isn’t a new concept, email fraud and scam occurrences are on the rise, and it is vital to know how to spot them.

Here’s five tips to help you spot email frauds or scams.

Look at the email address One of the easiest ways to spot a fraudulent email or scam is by looking at the email address of the sender. Many credit card application scams use third party email services like Gmail or Yahoo. Some scammers go so far as to set up accounts in the name of the company e.g., AMEX_121@gmail.com.

Sophisticated scammers will actually try to copy the legitimate company’s email account – a practice called spoofing. They will usually have a few changes like a missing letter from the address, or an extra . added.

The easiest thing you can do is look for the sender’s site on the Internet. For example: You get an email from AMEX OPEN (American Express’s small business credit card) and notice that the sender’s email address just doesn’t look right. Go to Google and search for amex fraud. You’ll likely find the fraud page which tells you exactly how the company sends emails. If the sender is a smaller company, most of these will have email contact addresses right on the site, take a look and compare the two. If they are different, the email is likely a scam.

Look at the sender’s website If you think an email is fraudulent, try looking up the website associated with the sender. Should you be unable to find the site, it’s likely a scam.

If you find a website, click through some pages to see if there is anything that looks out of place. For example a website selling a new financial service has pages with Coming Soon or you get errors when you try to load the page. If it looks fishy, it likely is – delete the email.

It would also be a good idea to go to archive.org’s Wayback Machine, copy and paste the website’s URL into the The Wayback Machine Search bar and hit Take me back. This will bring up previous versions of the website. If you see that the site in question was something completely different a few months to a year ago (e.g., it is a financial services page now, but six months ago it was a page selling prescription drugs), chances are high it’s a fraud.

Call them Many scammers will put phone numbers into emails to make them look more legitimate. If you are unsure about whether this email is legitimate or not, why not try calling the number? Many scammers run more than one fraud operating at the same time and may answer the phone with another name, or not at all.

Similarly, if you call a local number of a supposedly small business and get routed directly to voicemail, it’s likely fraud.

Look carefully at the body of the message The body of the email can also be a great way to suss out email scammers and potential fraud. Because many fraudulent emails originate outside of the major English speaking countries, there will often be language that just sounds different from the way people write in your area. One great example of this would be a line like ‘We wish to sell you a great product.’

You should also look for spelling errors, grammar mistakes or inconsistencies. While some fraudulent emails will have minor spelling inconsistencies, others will spell common words wrong. If you see mistakes like ‘our product are a great deals’, this should raise a warning flag.

Spelling and grammar errors are a part of business communication, so don’t expect a perfect email from all companies, especially if you see that the company is located overseas. It’s the emails with mistakes supposedly coming from companies in your area that should really raise alarm.

The sender asks for money or passwords It’s kind of an unwritten rule that when sending out emails you never ask for a person’s credit card number or account passwords. Banks, large companies and many social networks will never ask you for passwords or account information, credit card numbers, pin codes, etc of any kind over email. If you notice that an email selling something asks for you to reply with a credit card details so you can make a purchase, it’s best to delete the email as it’s likely a fraud.

Email fraud is a big deal, and unfortunately it will likely become even more common in the near future. This means you should be able to spot potentially fraudulent emails. If you think an email is a scam, it’s best to just delete it immediately. Don’t respond or forward it to colleagues or employees. If you need to let people know, write another email that describes the suspected email but has no links. You can also forward a screenshot to your colleagues or friends to illustrate the scam.

Looking for more ways you can protect your company? Contact us today. We can work with you to develop a security system that will meet your needs.

Published with permission from TechAdvisory.org. Source.

Watch out for tech support phone scams

Security_Jan08_B

For users of Windows systems the threat of a security breach is an ever-present one that has many security experts constantly worrying. The thing is, many systems are secure enough from outside attacks, and many scammers know this. As a result, scammers have switched tactics and have taken to masquerading as Windows technicians, hoping to get users to give up their credit cards.

These scams have long been a part of the Windows environment. Despite users being fully aware of these attacks, some people still falling into the trap.

These deceptions generally follow the same formula: A person calls you pretending to be from the Windows technical team at Microsoft. The scammer usually tells you that they need to renew their software protection licenses to keep their computer running.

Most of the time, these scammers spread the conversation out over a number of phone calls and emails, the goal being to gain the trust of the user. Once trust is established, or the user seems interested enough, the scammer will offer a seeming sweet deal: They will offer a service that will make your computer run like new, usually for a seemingly reasonable price.

The scammer will then use remote PC support software to show you ‘problems’ your computer is having. They will usually show you the Windows Event Viewer – a part of the OS that shows errors, usually harmless, that your computer has generated. The scammer will then convince the user that these errors are harmful, and if you have paid, they will make it look like they are cleaning your computer.

If you give them your credit card number, you will likely see ridiculous charges, or even have people trying to access your accounts.

What’s being done? Governments are aware of this increasingly common trend, and some organizations, like the FTC, have taken measures to shut down scammers. This article from ars technica gives a good overview of what exactly the FTC is doing, while another article provides a first-hand account of how the scammers operate.

What can we do? While action is being taken, these scams are still continuing. From what we can tell, they likely won’t stop in the near future. To ensure you don’t fall prey to this trickery, these five tips should help you identify when an attempted scam is at play:

  1. Microsoft doesn’t call people.
  2. Windows Event Manager is a log of errors for ALL programs.
  3. Microsoft employees will never ask for your passwords.
  4. Most of these scammers operate out of call centers in India, but bill from the US.
  5. Microsoft employees won’t usually ask you to install software that’s not made by Microsoft.

As a rule of thumb: If you get an unsolicited call about your computers and IT security, it’s likely not genuine. If these criminals provide you with a website, do a quick Google search to see if there have been any scam reports. You can also join the No-Call Registry if you are in the United States. To learn more about these scams, please contact us.

Published with permission from TechAdvisory.org. Source.

Be like Superman, protect your email

Security_Sep12_B

Clark Kent: star reporter for the Daily Planet and always one of the first reporters to break the news. To many, Clark Kent is more commonly known as Superman. If Superman had an email address, it’d be a sure thing that he’d take steps to ensure it remains secure and out of the hands of criminals. Do you echo what superman would do and protect your email address?

Failing online protection from a superhero here’s five things you can do to ensure your email address is properly protected.

Give your email a disguise Superheros often protect their identity through the use of a disguise. We’re not saying you need to dress up in spandex, go out and search for spammers/scammers to beat down, or prevent from getting your email. Instead, you should be aware of how scammers operate – largely by writing programs that search websites for email addresses – and disguise your email from this.

Many programs look for traditional emails like imthebatman@gmail.com, so to disguise your email, spell it out: imthebatmanATgmailDOTcom or, imthebatman(DELETETHIS)@gmailDOTcom. People are smart enough to figure out that the AT and DOT are actually @, . or to delete (DELETETHIS). You’d be surprised at how much this will cut down on spam.

Protect your email’s identity Aside for a disguise, superheroes will often go to great lengths to protect their identity. You should do the same with your email address. When signing up for a new service, forum, or anything that requires a username, don’t use your email as the username. If possible, don’t use your email address at all.

You should also read the Privacy Statements of all websites you have accounts with. Yes, there is lots of legal speak and they are long, but thats to get the user to scroll to the bottom of the document and hit accept. Look for clauses regarding your email, and note any companies that say they reserve the rights to sell your email to advertisers or aren’t held liable for stolen information, as you can ensure that your email will be spammed.

Beyond that, many websites allow you to hide your email address from other users. It’s highly recommended that you do this and an option to do so can usually be found in the Account Options or Account Security sections of your user profile on websites.

Don’t respond to flashy requests When a superhero is not out fighting crime, they’re off cultivating and maintaining their alter-ego. They hardly do anything outside of their normal character, and normally won’t respond to flashy requests for super luxury balls (unless you’re Bruce Wayne or Tony Stark of course). If you get an email that sounds too good to be true, such as announcing that you’ve won something spectacular, it’s a good idea to not open or respond to it, as chances are near 100% that it’s a scam or simply aimed at getting your email address or other information.

Get your email a side-kick Some superheroes have sidekicks that help them fight crime or solve mysteries. We recommend that you get your main email a sidekick and sign up for a separate email that you use for online shopping, forum registration and basically anything that’s non-work/family/friends related.

Take a picture of your email In numerous Spider-Man story arcs, Peter Parker is tasked with taking pictures of Spider-Man. Of course, being Spider-man, all he has to do is take a picture of himself and people seem to be happy with that. As many spam programs don’t take information from pictures, it’s a good idea to make your email addresses into a picture that you place onto email signatures, or into the body of the email itself.

The easiest way to do this is open MS Paint, (if you have a windows machine), or an online image creator like pixlr and type your email address into the image, resize so it just fits the font and hit save. The best format to save it as is a .jpeg, as it can be easily read by Internet browsers and email programs. Most email programs will allow you to put an image into your signature, typically done under Settings.

You don’t have to be a superhero to protect your email, just take these precautionary steps and your important email addresses will be as safe as any superhero’s true identity. If you’d like to learn more about staying secure while surfing the Internet, please contact us, and we will come to your aid.

Published with permission from TechAdvisory.org. Source.