Gone Phishing – How to spot an email scam

There are numerous phishing scams that are currently doing the rounds, which you may have seen or read about.

What is Phishing?

Phishing is an email that is trying to obtain secure and sensitive information which includes passwords, usernames and credit card details.

One of the main ones is the CEO Fraud scam email which is one most employees should be aware of.

What is the CEO Fraud scam email?

You will receive an email  delivered to your in box at work from a scammer who claims he is your boss or another senior executive.

The scammer will state that they urgently need to transfer money to a specific bank account to pay for a service or product.   If you assume this email is genuine you may go along with this and send money to scammer’s bank account.  After all it is from your boss right?

The scammers are very clever and often they use malware to gain access to company networks. By doing this they then have access to all emails regarding invoices/billing etc and this seems to make the email request more genuine.

It has been estimated that over £32 million has been lost by business owners as a result of this scam – so as you can see the scam is vast. Only around £1 million has been removed by victims of the scam. Do not become a victim.

How to avoid this

Always check with the person who you think sent the email no matter how senior they are or if they are ‘in a meeting’ all day. Somehow get a message to them. If they are not around speak to a more senior member of staff. Under no circumstance reply by email as the email could be hacked and the reply you get back could be from the scammer. Instead call the person or send them a text.

Never make the payment no matter how urgent it seems.

Make sure that every employee in the organisation is aware of this scam and that everyone needs to be diligent about replying to emails of this nature regarding money transfers.

Any requests for monies by email should be supported by documentation from the sender. Make sure you have a valid process in place with checks through the potential transfer.

Should a member of staff receive the CEO Scam Email make sure you already have a backup plan – this can include having two or three key contacts who can check that the email is genuine or not. Why not always include a safe word in your emails. That way you will know it is from a legitimate source.

Make sure your finance team always review financial statements/invoices for any errors which can include incorrect spelling, different bank account quoted, more frequent invoices etc.

Check your website.  Is there too much information about your CEO and other senior Execs?  Decide what information you think can be made public and what should be hidden. Why not consider removing all email addresses and having one that is a general email address.  Then someone in the organisation can review the emails when they come in and pass on to the relevent person.

Never trust the email header – the header can be faked very simply

Ensure that your computer systems are secure and that antivirus software is updated on a regular basis. Even with these in place emails from spammers can still get through. So always be alert.

Please do not feel stupid if you fell for this scam. Sadly many business savvy people have been conned. Just always be aware – if an email looks strange take your time to consider the implications not just for yourself but the company as a whole.

 

Leave a Reply