It’s becoming easier for hackers to create fraudulent emails by imitating colleagues, partners, suppliers, and institutions that have earned your trust. Regardless of your employees’ loyalty or the spam and phishing filters installed on your email server, your business is at risk of being a victim of fraud. To prevent it, let’s discuss the characteristics that make up a fraudulent message and the elements that should raise suspicions for you and your employees:
- An email address with omitted letters or the use of a public server – In principle, hackers will try to create an email address as similar as possible to the one they are attempting to imitate. To achieve it, they omit letters that are easy to ignore at a quick glance or modify a company name in a credible way. For example, instead of the organizational email email@example.com they could use firstname.lastname@example.org or email@example.com. Also, don’t trust emails bearing addresses from public servers like @gmail.com or @hotmail.com. Other emails you shouldn’t trust are those that, despite showing a reasonable screen name, have a strange address, such as firstname.lastname@example.org.
- Writing mistakes – Misspelled words, poorly structured sentences, double spaces between words, informal language, and grammatical errors are strong indicators that something is wrong. Also, pay attention to incorrect or expired dates. Reputable institutions have professional copywriters overseeing the quality of official communications.
- Messages demanding urgent and confidential action – Attempting to collect your information or obtain funds in an illegitimate manner, hackers will present an urgent and confidential request, insisting on its importance, so you don’t have time to question the legitimacy of the request until it’s too late. For example, your employee might receive a message from an alleged coworker urgently asking for help with a late payment to a supplier. Also, he urges the recipient to keep the information confidential so his job won’t be in jeopardy and assures the recipient that if he accepts, he will owe him a great favor.
- A sudden request that falls outside established procedures – The most common suspicious requests include asking you to confirm your user information by clicking on a link, requesting an “update” to the details of a payment made to a beneficiary by using the information they now provide, supplying new contact information that is different from the one previously verified, and insisting that from now on you only use that new information to contact them. They may even claim to be your bank and ask that you provide your personal identification number (PIN) or other sensitive information.
Other details to watch out for:
— The email’s subject line (used to indicate the purpose of the communication) is empty or has a generic message
— Low-quality images
— Attached links whose URL begins with “http” instead of “https”
— Pages that accept false user data
Here’s an example so you can better visualize what we mean:
Remember that a hacker could pretend to be a top executive, a coworker, a partner, a supplier, a banking representative, or even an attorney. To protect your business against these scams, be sure to educate your employees on the different manifestations of fraud, how to detect it, and what to do when a threat is identified. Your employees are your business’s first line of defense and being aware of the dangers is the first step towards protecting your company.