A phishing scam is the name given to the fraudulent practice of deceiving individuals into revealing personal information, such as passwords and credit card numbers, through email by posing as a legitimate, trustworthy company. Anti-virus giant Kaspersky reported that users of its security software had content linked to phishing blocked one million more times during the first quarter of 2015 than in the final quarter of 2014.
As the general public becomes wiser to the types of fraudulent email many of us receive several times per day, hackers and fraudsters have inevitably had to raise their game to maintain the same levels of success, duping even the most computer-literate and vigilant of us.
We’ve recently issued warnings to our customer base due to an upsurge in a particularly intelligent phishing-type scam, also known as “CEO” or “Bogus Boss” fraud. Hackers now research information available in the public domain (such as Facebook and LinkedIn) and then masquerade as legitimate members of your company in an attempt to coerce the unsuspecting into parting with sensitive information and, usually, cash by deceptive means.
The evidence forwarded to us by our customers is credible and believable to the untrained eye: the sender of the email purports to be your very own Finance Director or Chief Executive, and the message often targets members of the Finance Department, requesting that company transfers of thousands of pounds be made to previously unused bank accounts. Company logos, signatures and domain names all make the emails appear genuine. It can sometimes be awkward to check with colleagues in positions of seniority, and it is this reluctance that the fraudsters play on for their own financial gain.
Upon closer inspection, the domain shown in the sender’s display name often does not match the address the email was actually sent from, a tell-tale sign that you weren’t far away from becoming the hackers’ next victim. Malware is also often present in attachments, and clicking on links can install software that authorises and triggers payments to the fraudster’s nominated account.
The advice we’ve been giving, which is echoed by institutions such as the FBI, is, for the avoidance of any doubt, to obtain verbal confirmation before making any payment and always to err on the side of caution. According to FBI statistics, the losses attributed to this type of fraud amount to £1.6bn over the last three years, with the average loss per scam standing at between £17,500 and £52,500.
Syntax IT’s advice:
- Install a reliable, regularly updated anti-spam solution, such as our very own Mailminder product.
- If you’re suspicious, check the domain the email was sent from (the part of the address after the “@” symbol) to make sure it matches what you were expecting, and keep an eye out for typos and subtle variations. Also check link URLs in the body of emails by hovering your mouse over them to make sure they point where they claim to before clicking.
- Poor spelling and grammar are often giveaway clues to a lack of authenticity, and fake emails often contain unusual characters (such as %$~!*) that help the content evade spam filters.
- Watch out for the message asking for personal information in a forthright manner, especially when imposing a time limit on your reply.
- Call it instinct, but if you have a hunch something isn’t right, it probably isn’t.
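The header checks described above (a display name carrying a different domain from the real sender, a lookalike sender domain, and a Reply-To pointing elsewhere) can be automated. The following is an added example, not code from the original post or from the Mailminder product; the organisation’s domain and both sample messages are constructed.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # constructed: the organisation's own domain

# Constructed sample headers: one genuine, one in the "Bogus Boss" style
GENUINE_MESSAGE = (
    "From: Finance Director <fd@example.com>\n"
    "Subject: Q3 invoices\n\nPlease see attached.\n"
)
BOGUS_MESSAGE = (
    'From: "Finance Director fd@example.com" <fd@examp1e.com>\n'
    "Reply-To: fd@mail-examp1e.net\n"
    "Subject: Urgent transfer required today\n\nWire the funds now.\n"
)


def _domain(address):
    """Lower-cased part after the '@', or '' if the address has none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def sender_checks(raw_message, trusted_domain=TRUSTED_DOMAIN):
    """Return a list of warnings about the From/Reply-To headers."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    findings = []

    # 1. Display name shows an address whose domain differs from the real sender
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if shown and shown.group(1).lower() != from_domain:
        findings.append(f"display name shows @{shown.group(1)}, "
                        f"but the mail came from @{from_domain}")

    # 2. Sender domain is a near-miss of the trusted one (typo / digit swap)
    if from_domain and from_domain != trusted_domain:
        ratio = difflib.SequenceMatcher(None, from_domain, trusted_domain).ratio()
        if ratio >= 0.8:
            findings.append(f"sender domain {from_domain} closely resembles {trusted_domain}")

    # 3. Replies would go to a different domain than the apparent sender
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To goes to @{_domain(reply_addr)}, not @{from_domain}")

    return findings
```

A clean result is an empty list; the bogus sample trips all three checks, which is the point at which a phone call to the purported sender is warranted.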
To talk to us about our Mailminder anti-spam solution, or if your organisation would like more information on phishing attacks and how to avoid them, please give us a call, on: (0844) 2641310.