Major Email Scam Signals For Companies
As the role of technology becomes increasingly dominant in Australian businesses, employees are relying on email to communicate more and more. But it’s not just in business. Face to face communication is becoming alarmingly less frequent, with individuals often choosing to use email or text to share messages.
As a result, a request from an employer, friend or even family member to pay a bill, make a payment or transfer money may not seem out of the ordinary, especially if the email makes specific references to actual events or transactions. But with ease of communication comes ease of deception, with rapidly increasing cases of email fraud being reported.
In business, it’s known as business email compromise, or CEO fraud – because more often than not, the email appears to be from the CEO. Tens of thousands of businesses and individuals have been targeted by such scams over the past several years, netting criminals around $2 billion, according to the Internet Crime Complaint Centre.
The scams range in size from small requests of several hundred dollars, to orders for large transfers of millions of dollars. In most cases, the fraud takes place in the form of an email requesting a monetary transaction. In those cases, the email purports to be from someone in a position of authority, and recipients are usually quick to react.
How email fraud works
While the consequences can be catastrophic, the method is simple. The fraudster uses the simple trick of creating an email address that resembles that of someone senior in the organisation, or someone known personally to the recipient.
Upon close observation, the reply address is often a close match, but not exactly the same. It may be from a different domain name, have one character missing or have two characters swapped around.
It’s commonly known that humans are able to recognise words without actually reading individual letters, which is why these bogus email addresses are rarely picked up.
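Because the eye skips over these differences, the comparison is better left to software. The following is an added example, not part of the original article: it flags From and Reply-To domains that are within two edits of the organisation's real domain (a missing character or two adjacent characters swapped each count as one edit) and flags replies routed to a different domain. The trusted domain `example.com`, the two-edit threshold and the three sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: the organisation's real mail domain

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # two characters swapped
    return d[len(a)][len(b)]

def domain_of(header_value):
    """Lower-cased domain part of an address header; empty string if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify(domain, trusted=TRUSTED_DOMAIN, max_edits=2):
    if domain == trusted:
        return "trusted"
    if domain and osa_distance(domain, trusted) <= max_edits:
        return "lookalike"
    return "external"

def check_message(raw):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    findings = []
    for dom in sorted({from_dom, reply_dom}):
        if classify(dom) == "lookalike":
            findings.append(f"{dom} imitates {TRUSTED_DOMAIN}")
    if reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}, not {from_dom}")
    return findings

# Constructed sample messages (not real traffic).
LEGIT = "From: CEO <ceo@example.com>\nSubject: Board papers\n\nSee attached."
SWAPPED = "From: CEO <ceo@exmaple.com>\nSubject: Urgent payment\n\nPlease pay today."
REPLY = ("From: CEO <ceo@example.com>\nReply-To: CEO <ceo@exampl.com>\n"
         "Subject: Payment request\n\nReply to confirm the transfer.")
```

A check like this catches only near-miss spellings and mismatched reply addresses; a message sent from a genuinely compromised account passes it, so the phone call described later in the article still applies.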
There are more sophisticated methods too, such as gaining access to emails through hacking into the account using phishing emails.
At the end of the day, criminals rely on the complacency of the recipient.
Who’s the boss?
Of course, it’s not just the familiar email address that convinces the recipient that the message is authentic. Most people’s suspicion would be raised if an email simply requested that money be sent to an unknown bank account, regardless of the email address used.
However, fraudsters use a variety of tactics to ensure recipients are convinced of whom they are corresponding with. It may be that they establish an initial rapport by exchanging multiple emails before making the request, which may be for a monetary transfer, urgent payment to a supplier or simply a collection of useful information such as payroll data.
With the rise of social media, posing as someone else – particularly via email – is easier than ever before. A quick look on Facebook will tell a fraudster that an authority figure is on holidays in, say, Hawaii, meaning they’ll be able to refer to their trip away throughout the exchange.
They may even use a holiday to generate a sense of urgency in making a transaction happen within a particular time frame or by a certain date. With careful planning, sometimes involving months of research, criminals are able to easily create an authentic exchange, which can see large sums of money lost as a result of one, simple email.
Third party involvement
The next step is to check their credentials such as work experience, educational background, additional training, and whether the individual or company possesses an up-to-date license as required by law.
Check their references for credibility, and make sure they have a sound track record.
How to prevent email fraud
While the scam is relatively simple, its strike rate is high. At the end of the day though, success is purely due to the recipient being prepared to take the email at face value. The prospect seems daunting, but there are some simple ways to avoid falling victim to email fraud.
For starters, look for particular key words. Subject headers containing the words “urgent”, “payment” and “request” should set alarm bells ringing. Likewise, “private and confidential” or “strictly confidential” should be treated with suspicion.
But the simplest way to ensure you don’t inadvertently wire money to crooks or supply confidential information is to pick up the phone.
If the request involves cash or important data, call the person making the request to confirm. If they’re on holiday – well, you might just be better off waiting until they return.
If you are unsure whether you have been targeted, check the Australian Cybercrime Online Reporting Network (ACORN). It is also a good idea to report an email scam or fraud using the same site.
This article was sourced from The ABI and Financial Times.