Spot the Spam, avoid the Scam
Somewhere between 50 and 90 billion spam emails are sent every day, making up approximately 75% of all email traffic (Source: Commtouch). The most common type of spam these days, and the one with the most potential for damage, is the phishing email. Phishing is a method scammers use to fool you into handing over your personal details or account information.
Despite valiant efforts to filter, junk or block these, there is always a risk of a false positive and of one or two nefarious emails slipping through the net. Some of these are very obvious and can be easily avoided, unless you really have just recently lost a distant relation in South Africa who just happened to be a Prince looking to leave you his inheritance? On the other hand, there are quite a few very committed con artists who put a lot of effort into building a quality scamming system: they create a sometimes indistinguishable replica of a bank email, or find out your organisation's structure and send a targeted email that appears to come internally from a senior staff member.
How to spot one:
- The sender address
Does it differ from the organisation it is reportedly from? (e.g. @pay-pal.com; @e-bay.co.uk; @hsbcpayments.com)
- Check any link before clicking
Hover your mouse over the link. Does it show a familiar website address or a false one? Also be wary of any shortened links (bit.ly, tinyurl.com etc.), as these can connect to any site. (Check links here first: http://onlinelinkscan.com)
- What is the purpose of the email?
Does it just happen to be trying to scare you into thinking one of your accounts has been compromised? "Click here to check or reset your password" and similar requests should be ringing alarm bells.
- Is it from your bank?
In most cases your bank will never contact you by email regarding the security of your account or any breaches thereof. They will always contact you by phone or letter. If it is a statement notification, check all of the above before clicking anything.
- Is it an unusual request?
Has your Director just asked you to wire some money to his off-shore account? Don’t reply. Always check this out with the staff member first and make your systems administrator aware, as the actual replying address may differ from what you see.
- Spelling or grammatical errors
This may seem obvious, but a few minor errors in the content should ring alarm bells for further checks.
- Check for attachments
If someone has asked you to check the attached invoice, delivery note or other in the format of a document, zip file or other unknown file type, do not open or save these files. They are also a good indicator that the email is not what it says it is.
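The checks above (sender address, links, reply address and attachments) can also be run automatically over a raw message. The script below is an added example, not part of the original article; the trusted domains, shortener list, attachment types, function names and sample message are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumed for this example: trusted domains, shorteners, risky attachment types.
TRUSTED = {"paypal.com", "ebay.co.uk", "hsbc.co.uk"}
SHORTENERS = {"bit.ly", "tinyurl.com"}
RISKY_EXT = (".zip", ".doc", ".docm", ".exe", ".js")
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def within(host, d):  # True if host is d itself or a subdomain of d
    return host == d or host.endswith("." + d)

def check_email(raw):
    """Return a list of warnings for one raw email message (headers and body)."""
    msg, warnings = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    trusted = any(within(sender, d) for d in TRUSTED)
    if not trusted and any(d.split(".")[0] in sender.replace("-", "") for d in TRUSTED):
        warnings.append(f"lookalike sender domain: {sender}")
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply and reply != sender:
        warnings.append(f"replies go to a different domain: {reply}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            warnings.append(f"risky attachment: {name}")
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode(errors="replace")
        for href, text in LINK.findall(html):
            host = (urlparse(href).hostname or "").lower()
            shown = re.search(r"([\w-]+\.)+[a-z]{2,}", text.lower())
            if host in SHORTENERS:
                warnings.append(f"shortened link: {href}")
            elif shown and not within(host, shown.group(0).removeprefix("www.")):
                warnings.append(f"link shows {shown.group(0)} but goes to {host}")
    return warnings

# Constructed sample message, not a real email.
SAMPLE = """From: PayPal Security <service@pay-pal.com>
Reply-To: helpdesk@mailbox.example
Content-Type: text/html

<p>Reset at <a href="http://login.example.net/reset">www.paypal.com/reset</a>
or via <a href="http://bit.ly/abc123">this link</a>.</p>
"""

if __name__ == "__main__":
    print("\n".join(check_email(SAMPLE)))
```

These are heuristics: a message that raises no warning is not proven safe, and the brand match can flag an innocent domain that happens to contain a trusted name.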
What to do if you receive a possible scam email
- Don’t click on any links within it.
- Don’t open any attachments.
- Don’t reply to the sender; you will only validate your address.
- Never give any personal information.
- Report it to whoever looks after your IT system; they can blacklist senders.
- Report it to Action Fraud.
- Find out if you have a filtering system in place; if not, look into one (see below).
- Action Fraud: www.actionfraud.police.uk
- Get Safe Online: www.getsafeonline.org
- Citizen’s Advice: www.citizensadvice.org.uk
- MailWasher Free (Desktop based): www.mailwasher.net
- SpamFighter (Desktop): www.spamfighter.com
- Panda Email Protection (Cloud based): www.pandasecurity.com
- Trend Micro Email Security (Cloud): www.trendmicro.com
For more information, please contact [email protected].