Email Fraud Security Warning Header Image

Email Fraud Security Warning

IMPORTANT & URGENT

 

EMAIL FRAUD SECURITY WARNING

 

There has been a recent increase in serious e-mail fraud and specific spam e-mails that have been crafted in such a way that they bypass normal spam filtering techniques. 

 

Here are a few recent examples which should assist you in spotting the tell-tale signs of a scam e-mail. Recent spam e-mails are particularly effective as they can appear to come from one of your legitimate contacts, when in reality they have often originated from a spammer or criminal.

 

Example 1:

 

 Example 2:

Example 3: “Spear phishing”

An email which is crafted to appear like it has come from someone in your company, usually a company director.

 

Third parties have tried to trick computer users (mainly those in charge of the company finances) into transferring money from their company bank accounts, based ONLY on the authority of an email. These emails appear genuine, as they are usually crafted to look like they have been sent from one of your regular suppliers or contacts. 

 

 

Looking at the initial message above it doesn’t look like anything is wrong.  This only becomes apparent when replying.

 

 

Example 4: Phishing attack

An attack that tries to get you to enter logon information into a fake version of a well known site, such as Office 365.

 

Some fraudulent emails attempt to collect login information to sites such as Office 365 by sending the user a link to a fake version of the login page. This is usually done via a link to an attachment in the email.

 

 

Clicking the link will take you to a webpage that looks identical to the real login page. Slight spelling mistakes or different words in the address bar can reveal that this is not the genuine website.

 

 

Entering account details into one of these login pages will send them on to a third party who can then use these details to gain access the account, giving them the opportunity to send or receive emails to both colleagues and clients.

 

None of the examples above are as a direct result of any email account being “hacked” or “compromised”, they can be created with relative ease without any access to your internal systems using third party accounts.

 

Please read the online BBC news article in the link below:
 
http://www.bbc.co.uk/news/technology-34570713
 

What can we do to avoid being victims of fraud?


 
It is vital to be extremely careful when transferring any money.  Only release funds if you are certain who you are sending the money to.  This can be done by making a phone call to the recipient to verify the bank details before transferring the money.  Use a known good phone number (like the one off their website), NOT the one in the message.  Equal scrutiny should be applied to ANY request to change bank accounts details, especially by email.
 
It is also important to remember that email is often not a secure or encrypted service and should not be used for sending any confidential information, especially bank details.
 
If you are unsure about any emails that you receive please contact our helpdesk: support@impactcomputing.co.uk