Staying Alert to Email Fraud at Work & at Home

Categories: Technology

What is email fraud, how to avoid it and what to do if you've been a victim of it.

Email fraud has been alive as long as emails themselves and have developed at a similar rate – becoming highly sophisticated and trickier to spot as technology advances. We are seeing on the news that organised cyber crime is an incredibly lucrative business, an estimated £150 billion was stolen from people online in 2017.

Despite the constant warnings all the way through the World Wide Web’s lifespan, and the regular ‘I’d never be stupid enough’, we are still seeing people quite easily, and innocently fall for the theft that is taking place in their personal and work email addresses.

A decade ago, people preyed on the blissfully unaware, and vulnerable, with the famous love-letter scams where people would pose as a love interest and ask for money to pay for flights or get out of a tricky situation after building a relationship with people across Britain & America. There was also scams detailing a lottery win or inheritance, but you’d first need to pay a transaction fee – these emails would be blasted across thousands of emails and some would make the payment, with the money never to be seen again.

While we do still see these scams, the success rates are much lower. Everyone is always warned and because we are accustomed to the Internet we are just about fully aware of the dangers. These scams are less lucrative for the scammers, hackers and fraudsters that make a living online.

We are now seeing elaborate efforts from these people to target businesses for large sums of money. We saw Hamilton Academical hand-over almost £1,000,000 in 2017 to an online criminal, the same scam that targeted clubs across Scotland, a Pembrokeshire business also lost £22,000 late last year due to online fraud too. Internet fraud can have devastating consequences to businesses, both little and large.

We take email security very seriously, we put measures in place for our clients to protect emails and details. However, businesses can’t fully rely on a secure email system. There are still ways for your emails and data to be infiltrated.

• Your account is compromised and used to harvest data and send emails to your contacts.
• A virus on your device or network gathers email addresses and data from your contacts.
• Social engineering and educated guesses can be used to send emails to likely clients of your business.
• Your customer or contact email account could be compromised, exposing your name, email and email signature.

The above isn’t extensive but demonstrates what could be happening to put the wheels in motion to fraud you or your clients and customers. 

Once someone has your name, they can send an email that appears to be from you. They can set up an email address they can use anything they like as the name. Most recipients will just see the sender name; therefore, it could appear real if they don’t digest the full name and domain. The hacker could also register a domain for as little as £0.99, only changing small details such as 1 letter to make it even harder to spot.

This can be a serious problem. The customer could lose out on a huge amount of money, which would also affect the business and its reputation. It could work the other way; the hacker might impersonate someone you pay money too – a service provider or supplier and you lose out on a lot of money too.

This leaves the question; how do I protect myself again email fraud?

Here are some tips and tactics that should be enforced to keep you, your business and customers safe:

• Change your email password regularly & don’t use the same password across multiple accounts – if one is compromised then the rest could be too.
• Consider using a password manager such as LastPass to keep your passwords secure.
• Implement multi-factor authentication to further protect your account.
• Make sure all work computers & computers on the network are regularly updated and has sufficient anti-virus protection.
• Do not give bank details via email. Communicate this verbally. Let your customers know this is your policy.
• Never assume, never rush. Genuine organisations won’t rush you for payment and never assume an email or call is authentic.
• Consider cyber insurance to protect yourself against fraud.
• Education – train yourself and your staff to be highly suspicious of any emails referring to bank details or payments.

It’s very easy to fall victim to crime online, but it can have huge ramifications for you, your business and your valuable clients and customers. Always exercise precaution and always ask questions if you’re not certain and there’s less chance you end up out-of-pocket.

If you do end up a victim of fraud, there’s some steps you can take. As previously stated, cyber insurance should be considered. Latest figures from UK Finance suggest that around 25% of bank transfer scams were returned in 2017. This is across both business and personal losses – where businesses were estimated to have lost an average of £24,400 per case.

You can report and get advice from Action Fraud. This is open to both businesses and customers. Visit them here. 

Written by Regan Williamson