WARNING: Do not click any links or download or open any files from an email if you are not 100% sure.
Scammers have been around as long as people have been able to communicate. As communication evolved these scammers have changed with the times.
Now, with the advent of digital communication, the scammers have adapted and are thriving in this online world. Constantly updating technologies and software are designed to crush the majority of these scams, but the sheer amount means there is an overflow. These end up directly in the user's inbox.
It falls to the individual to remain vigilant and judge each and every time if an email is safe or not.
The above warning is the most important thing to remember and is worth saying again:
Do not click any link or download/open any files from an email if you are not 100% sure!
A report from 2022, conducted in part by Stanford University, found that 26% of workers had fallen for a phishing scam.
Interestingly, the percentage of people between the ages of 18-35 that fell for a phishing scam was much higher than those of ages 36-65 (35% to 20%). This may be because the older generations are less experienced with phishing attacks, and therefore less likely to spot the signs of a scam and less likely to report them as such.
It could also be due in part to the type of scam being sent out, with more focused on cryptocurrency, which is more likely to attract the younger generations. They also found that 50% of all people that fell for these scams did so in part due to distraction, being overworked or being tired.
When you get an email always think SCAMMER.
S – Suspicion
C – Call to action
A – Accurate email/links?
M – Mistakes
M – Manipulation
E – Enter of information
R – Reward
Below is an expanded explanation of what each of these means.
Suspicion
- Always be suspicious.
- Scammers prey on users dropping their guard. This is how they are able to trick even the smartest of people. Don’t let your guard down.
- Always double and triple check.
- Read and re-read your emails. Treat them like there is something wrong and look for these errors. Think of it like crossing the road. Looking both ways is a sensible idea as you don’t want to be hit by a car. So why treat emails differently? They can be equally dangerous to you and your company. Give them the wariness they deserve.
- Attachments of suspicious nature
- Emails with attachments should always be treated with suspicion. Most work file sharing takes place through collaboration software like OneDrive or SharePoint.
- Only open or download attachments if you are 100% sure of the sender and that you trust them.
- Be particularly aware of unfamiliar extensions or those associated with malware like .zip, .exe etc.
Call to action
- Being asked or told to perform an action, like clicking a link, transferring money or downloading something, is known as a call to action.
- A call to action normally has a short time frame or demands urgent action, which can bypass the user’s critical mind.
- They can also threaten negative consequences unless action is taken, hastening the user.
- This is designed to rush recipients into action, so that they do not take the time to study the email and spot its flaws and inconsistencies.
- Always take a moment and read an email carefully before acting.
Accurate email/links?
Differences in email addresses, domain names and links.
Scam emails often use addresses that are close to but not the same as real ones. You can see the address by hovering over the sender’s name.
For example, the real email address is
support@ntrustsystems.co.uk
A fake email address could be
support@n-trustsystems.co.uk
support@ntrustservices.co.uk
support@systemsntrust.co.uk
Check the email address against ones you have previously received from that company. Do they match fully? If not, the email may not be trustworthy. Links can appear to be for one thing but hide their true destination. Hover over a link to get a pop-up of the actual address. Does it match where it says it goes? If not, it’s probably fake.
If an email allegedly comes from nTrust, but the domain is gmail.com then it is definitely not real.
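The sender and link checks described in this section can also be automated by a mail administrator. The sketch below is an added example, not nTrust's own tooling; the `BRAND` keyword, the function names and the sample HTML are assumptions made for illustration, while the domains are the ones listed above.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "ntrustsystems.co.uk"  # the real domain named in the article
BRAND = "ntrust"                 # assumption: brand keyword to look for

def check_sender(from_header):
    """Classify a From header: trusted, lookalike, impersonation or unknown."""
    flat = lambda s: re.sub(r"[^a-z0-9]", "", s.lower())  # drops hyphens, dots
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED or domain.endswith("." + TRUSTED):
        return "trusted"
    if BRAND in flat(domain):
        return "lookalike"      # brand inside a domain that is not the real one
    if BRAND in flat(display):
        return "impersonation"  # brand in the display name, unrelated domain
    return "unknown"

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a>, see above
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mismatched_links(html_body):
    """Return (shown text, real host) pairs where the text names another host."""
    audit = LinkAudit()
    audit.feed(html_body)
    bad = []
    for text, href in audit.links:
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        actual = re.sub(r"^www\.", "", (urlparse(href).hostname or "").lower())
        if shown and re.sub(r"^www\.", "", shown.group(1)) != actual:
            bad.append((text, actual))
    return bad

# Constructed sample: the link text shows the real domain, the href does not.
SAMPLE = '<a href="https://n-trustsystems.co.uk/login">www.ntrustsystems.co.uk</a>'
```

A keyword match like this only catches lookalikes that still contain the brand name; it complements, and does not replace, the manual hover check.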
Mistakes
- Spelling mistakes and poor grammar.
- Many companies have an inbuilt spell-checking tool for outgoing emails.
- A real message from a known company is very unlikely to have spelling mistakes, particularly if it is an automated message like a password reset.
Manipulation
- Is the email trying to manipulate you?
- Unusual greetings or phrasing within the message?
- Most messages between colleagues will have informal tones (Hi, Hey etc).
- Emails that start with “Dear” or have phrases that are not normally used in informal discussions could very likely be from sources who have little to no knowledge of the style of communication you use in your business and warrant suspicion.
- Imitation of a known contact
- Sometimes a scammer will pretend to be someone you know. They can ask you to do things in the guise of your boss, so that it looks like you are being told, and given the authority, to complete a task. This is normally to forward money to an account, or to buy gift vouchers and send them the codes.
- Does the message sound/read like something that person would say? Is it in their normal manner? Does it sound more generic? Does it address you by your correct name?
- If you get a message from your boss like this, give them a call to check. An unusual request should always be checked regardless of who it’s come from.
- The report from 2022 found that 52% of people clicked on a phishing email because it looked as though it had come from a senior executive at the company.
- If a sender is unknown or the user didn’t start the email contact it is almost certainly a phishing email.
Enter of information
- Login requests, Payment information and Sensitive data
- Unexpected emails or ones from unfamiliar senders asking for login details, payment information or data of a sensitive nature should always be treated with suspicion. Scammers can create webpages that mimic real ones and then send out emails containing links to these fake pages. The hope is that a user may fall for this and enter their login details, payment information or equally sensitive information. Never enter any information on a page reached from a link unless you are 100% sure it is legitimate.
Reward
- When things are just too good to be true.
- Got an email telling you you’ve won a yacht, but you need to click the link below to accept it? Remember entering the competition? It is very likely to be a fake message.
- Emails that try and encourage a user to click a link with a promise of a reward or ask the user to respond with details to claim a prize are known as “Too Good to Be True” emails.
- It is safer to treat messages like this as fake.
It’s more important than ever in our ever-expanding digital lives to be vigilant and aware of the dangers of fake and scam emails. We all need to start treating electronic messages like we do visitors at our front doors. Would you let a stranger in? A shifty cold caller? An aggressive thug? Emails should have the same level of danger in our minds.
If you need any help with online and email safety and security, we at nTrust Systems have decades of experience in how to keep our clients safe. We are always happy to talk through any concerns or questions you may have.