The speed with which we interact online, makes it easy for even the
most eagle-eyed of us to fall prey to a scammer with a reasonably
genuine-looking profile.
Have you ever gone to click a link and then stopped at the last moment? Well if so, read on for our top five tips to avoid a business email phishing scam or BEC (Business Email Compromise).
1. Check business email addresses closely
Cyber criminals use compromised business email accounts, or spoof the sending email addresses. It is, unfortunately, simple to alter the email header, so when it lands in your inbox, it appears legitimate, albeit perhaps generic. An apparently legitimate sender email address is absolutely no guarantee of authenticity.
2. Be aware of the multiple types of phishing
Phishing email attacks are on the rise and they are usually sent out
in large numbers and form part of a broader email spam attack. There are
several types of phishing emails:
Deceptive Phishing:
these impersonate a legitimate sender with the main objective to obtain
personal information and to access to further financial details.
Spear Phishing:
these are highly personalised to get the user interacting with them
directly. They often use a known senior individual’s credentials as the
sender profile to establish legitimacy in an attempt to obtain sensitive
information.
Whale Phishing: this is targeting a
business team as a whole. The cyber-criminal could impersonate the CEO
or a senior executive and usually stresses the need for urgent action.
3. Unusual communications
These will be situations where a legitimate sender cannot use regular
methods of communication. Common scenarios include their normal email
account being down; communication in transit, for example from an
airport; or problems with their mobile phone.
Whilst these
situations genuinely occur every day, scammers exploit them too. They
present a seemingly convincing story as to why they cannot go through
the usual checks or approval process with you and may offer an element
of reward for following their specific requests. If you are in any
doubt, assume the worst.
4. Rewards which could be too good to be true
There could be a reward attached to the sender’s requests. Be wary if it seems over-generous, is a high-value free gift or a vastly discounted item. Usually, these rewards come with a deadline to create a sense of urgency and the target will often act on impulse.
5. Common scams to watch for
Online gift cards, particularly in the run-up to the festive season
with high values that are seemingly authorised by someone already in the
business, or appear as a genuine offer.
Fake invoices, with the
sender impersonating existing company suppliers and tracking regular
amounts, then raising similar invoices used to extract funds in a
fraudulent manner.
Tax Scams, as year-end closes, be on the look-out for requests for personal information via tax checking scams, used to extract personal data via requests purporting to be from HMRC or your HR department.