How to Recognise Email Scams:
91% of cyber-attacks start with an email, so it’s vital we learn to recognise and protect ourselves against email scams of all varieties. Good security starts with a proper understanding of the threat, so here are our top tips for defending yourself from email scams:
Tip no.1: Check the Sender
Mimicking someone you would trust is a common scheme scammers use to get you to open their emails. If an email looks like it comes from someone the victim knows, such as a director or financial administrator from their company, they may well implicitly trust the email and follow any instructions laid out within, including sending sensitive information or payment! Check that the sender’s email address is right, and not just one designed to look similar. However…
Tip no.2: Accounts Can Be Compromised
Even if an email comes from an address you know belongs to someone you trust, that doesn’t automatically make the email trustworthy!
After someone’s account or computer is compromised, a common first step for a cybercriminal is to hijack their email account and send out infected files or phishing emails, relying on the trust you have in the sender. These attacks commonly demand immediate action that can compromise your account, too. When an email seems out of the ordinary, or requires you to release sensitive data or money, take a moment to consider whether the email matches the person contacting you, and if you’ve any doubt at all, try to contact them through a different means and confirm their request.
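The sender check from Tip no.1 can be partly automated. The Python below is an added example, not part of the original article or any Kogo tooling: it compares the domain in a From: header against an allow-list and flags near matches. The allow-list, sample headers and function names are constructed for illustration, and it cannot spot the compromised genuine account described in Tip no.2.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample allow-list: domains you genuinely expect mail from.
TRUSTED_DOMAINS = {"example.com", "example-supplier.co.uk"}

# Character swaps commonly used to make one domain resemble another.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def skeleton(domain):
    """Fold look-alike characters so 'examp1e.com' compares equal to 'example.com'."""
    folded = domain.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


def check_sender(from_header, trusted=TRUSTED_DOMAINS):
    """Return (verdict, detail); verdict is trusted, lookalike, unknown or invalid."""
    # The display name is ignored: the sender can set it to anything.
    _display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""
    if not domain:
        return "invalid", from_header
    # Assumption: subdomains of an allow-listed domain are also trusted.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted", domain
    # Non-ASCII or punycode labels can render almost identically to a trusted name.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return "lookalike", f"{domain} uses internationalised characters"
    for good in sorted(trusted):
        same_shape = skeleton(domain) == skeleton(good)  # swapped characters
        near_miss = SequenceMatcher(None, domain, good).ratio() >= 0.9  # small typo
        embedded = good in domain  # trusted name buried in a longer domain
        if same_shape or near_miss or embedded:
            return "lookalike", f"{domain} resembles {good}"
    return "unknown", domain


if __name__ == "__main__":
    for header in (  # constructed sample headers
        '"Jane Doe" <jane@example.com>',
        '"Jane Doe" <jane@examp1e.com>',
        "Accounts <accounts@example.com.billing.test>",
        "newsletter@unrelated.test",
    ):
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a reason to confirm the request through a different channel before acting on it; a "trusted" verdict only means the domain matches.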
Tip no.3: Be Extremely Wary of Attachments
With an infected attachment, a cybercriminal can quickly take control of your systems, steal your data, or ransom your own files back to you. Before opening any attachment, you should be absolutely sure the attachment is something you’re expecting, and even then we’d recommend scanning the file first.
Almost any file can be infected: PDFs, Word documents, spreadsheets, and more. A common method of tricking the user into opening an infected Word file is to claim the file is an invoice; the victim then opens it (or, even worse, sends it to their finance department) just to find out what the invoice is for, and the infection is let loose. At Kogo we use a system that scans all attachments (and links) before releasing them to the user, just to be sure no infectious files get through!
Tip no.4: It’s Too Good, or Bad, To Be True
If there’s ever an email in your inbox that seems almost too extreme to be real, take a moment to question whether it really is. By invoking extreme emotions and demanding a quick reaction, scammers play on primal fears or desires to bypass their victim’s logic and get them to act without thinking.
Too often we see emails like the following:
“We need a massive amount of your product/service immediately; see the attached brief, we’ll pay extra for the rush.”
“I’m very disappointed you still haven’t changed our banking records. Incoming payments must go to , please action at once.”
“I’m very pleased with how you’ve excelled in the office this quarter, so I’ve attached an Amazon voucher. Enjoy!”
If an email calls for immediate action or seems to be playing on your emotions, question it before acting!
Tip no.5: Staff Training
With 90% of cyber-attacks resulting from human error, it has never been so important to train your staff!
Training your staff on how to recognise suspicious emails can save your company from disaster! That’s why we provide KnowBe4 training.
KnowBe4 has fast become the world’s most popular integrated Security Awareness Training and Simulated Phishing platform, and allows you to manage and help teach employees to make smarter security decisions. With this world-class, user-friendly and effective Internet Security Awareness Training, KnowBe4 provides self-service enrolment, and both pre- and post-training phishing security tests that show the percentage of end-users that are susceptible to a cyber-attack. KnowBe4’s unique “double-random” scheduled Phishing Security Tests keep employees on their toes with security top of mind, and can provide instant remedial online training in case an employee falls for a simulated phishing attack.