Rise in targeted email scams
As spam filters become more effective at blocking large-scale automated emails, we are finding criminals are turning to more targeted and well-engineered attempts to defraud businesses.
Recently we have seen a rise in different types of attacks. Due to their nature, some of these emails cannot be picked up by the spam filters. In this case, we believe the best defence is awareness.
Payment & money transfer requests
These types of emails can be the most well-engineered and dangerous, attempting to defraud companies by thousands of pounds. Criminals are using the real names and spoofed email addresses of company directors and senior managers to request payments or money transfers from finance staff.
Attacks of this nature are increasingly difficult to detect through automated systems and therefore require staff to be vigilant and suspicious of any financial requests that appear out of the ordinary in any way.
Change of bank details
Another approach is for criminals to imitate your suppliers, advising of a change of bank details so that you make payment into a criminal’s account.
Notifications & password resets (phishing)
In more widespread attempts, spoof emails may look like password reset emails from Microsoft, parcel delivery notifications, fake cloud file sharing or voicemail alerts. These emails usually include a website link which, if clicked on, will ask for your details.
Alternatively, phishing emails may try to encourage you to download a document, claiming someone has sent you an online file. Clicking on these links could download a virus that infects your device with malware, allowing a criminal to steal any personal or banking details held on your device. These details can then be used fraudulently or held to ransom to get you to pay a fee.
What can I do?
- Brief your staff, specifically any personnel who can make financial payments, to be vigilant and suspicious of any emails asking for unexpected payments. If there is any doubt, contact the requestor independently.
- Don’t call numbers or follow links provided in suspicious emails. Find the official website or phone number using a separate browser and search engine.
- Carefully hover your cursor over the link or sender’s email address (without clicking it). If the email address or website URL looks suspicious, delete the email.
- Look out for common signs, including poor spelling or deliberate spelling mistakes intended to fool the spam filter. Also, the email may not be addressed to you by name, but to ‘dear customer’ or ‘dear email address’.
- Never give away personal details or passwords.
Reporting scams and getting help
Suspicious emails can be reported online to Action Fraud, the police’s National Fraud & Cyber Crime Reporting Centre, or you can call them on 0300 123 2040.