Email fraud, or phishing emails, are difficult to spot, with new tactics, technologies, and tools being utilised to create increasingly sophisticated emails. These are an attempt to trick you into divulging critical information or opening malicious links and attachments. Learning what to look out for is essential for any business, and it’s important that you teach your employees what to look out for too. One of the best ways to prepare yourself and your employees for phishing emails is to know what they might look like.
So what is an example of email fraud? A common example of email fraud is when a cyber criminal pretends to be a vendor that your company buys products and services from. They will often pretend to be sending an urgent invoice in the hopes that you will pay it or open the attachment without checking the details first.
Read on to learn more about examples of email fraud, how to spot a phishing email, and what happens when you open one.
What Is an Example of Email Fraud?
A common example of a phishing email that can be sent to target businesses is the invoice scam. Cyber criminals will pretend to be emailing from a vendor that your company regularly deals with and purchases products and services from. They will pretend to be contacting you regarding an unpaid invoice, bounced payment, or failed direct debit. The aim of these phishing emails is usually to get you to send that invoice payment to an updated bank account. These attempts can be very effective if a company doesn’t have the correct policies in place, because the recipient can often send the money without thinking about it.
Another example that we often receive ourselves is when cyber criminals send an email pretending to be from a manager, team leader, or owner of a company. This is often accompanied by urgent requests to provide your personal information, such as asking for your phone number because they’re going into a meeting and need to contact you. Luckily, we’ve only ever received examples of this that are extremely easy to spot, with terrible grammar and spelling, email addresses and domain names that aren’t related to the person they’re imitating, and strange wording that would never normally be used. That being said, if a cyber criminal decided to personally target you or your business and wrote these emails in a convincing way, you can easily see how effective it could be.
What Are 3 Signs That a Suspicious Email May Be a Phishing Email?
Because many phishing emails are untargeted, meaning that criminals send them at random to as many email addresses as possible, they can often be easy to spot. But how do you spot one when a criminal has specifically targeted your business?
It’s important to conduct regular cyber security awareness training to ensure that your entire team acts as the first line of defence. It only takes one employee to make a mistake, and you could be vulnerable to an attack. To help, we’ve explained the 3 main signs that a suspicious email could be a phishing attempt.
Content
It’s important to think about the content of any suspicious emails as this can often be the first sign that it’s a threat. Suspicious content can include an unfamiliar tone that the impersonated person wouldn’t normally use, time-sensitive requests that push for urgency or threaten negative outcomes if you don’t act fast, or unusual requests that wouldn’t normally be necessary. Unusual requests can include things like asking for your phone number when you already have other channels of communication at work, or asking you to send your password.
As a rule of thumb, it’s always important to double check any requests for payment or information, as well as any links that someone sends without mentioning anything first. That could mean checking your bank account to see if the payment they’re talking about has actually bounced, checking with your team that someone has actually ordered that product or service, or checking through your regular communication channels to confirm that they are who they say they are.
Inconsistencies
Because the hackers don’t actually have access to email accounts from whoever they’re impersonating, an easy way to check if a suspicious email is phishing is to check if the email address and domain names match up. You can also look through your previous communications with that person or company and see if the email matches up, or at least matches the same domain name.
If the email includes links, you can check if they are directed to the content they say they are by hovering your mouse over them without clicking. This will show the URL that the link will take you to in the bottom left corner of the screen. If this doesn’t match the content they describe in the email, don’t click it. For example, you could receive an email from ‘Amazon Support’, but the link isn’t taking you to Amazon – this is a clear indication that something is wrong, because Amazon Support would never send you to a website that isn’t theirs.
Spelling and Grammar
While this may not apply all the time, and the emails you need to worry about the most are the ones that are more convincing in this aspect, spelling and grammar is an easy way to spot phishing emails. Businesses that you deal with on a regular basis and employees of your own company are professionals, and will have good spelling and grammar skills the vast majority of the time. If you suddenly receive an email from one of them with bad grammar and spelling mistakes, this should be an immediate red flag.
Can Your Email Get Hacked by Opening an Email?
Simply opening an email won’t compromise your personal data or allow hackers to access your email account. While hacks like these were a reality in the past, email clients now contain security measures that block emails from opening or running any code. With this being said, hackers can still gather some information about you just from you opening an email. This includes your location, the operating system that you use, and your IP address, which can be used in more targeted cyber attacks further down the line.
The main threat of a phishing email comes from links, requests for money or personal information, and attachments. If you notice a suspicious email, do not open anything or reply without first checking the 3 points discussed above, or confirming the identity of the sender.
While how email accounts get hacked is an extremely in-depth topic that takes security engineers years to master, the simple explanation is that hackers would need to know your password to gain access to your emails. They can obtain it through a variety of tactics, such as brute force techniques like guessing common passwords, or faking websites so that you’ll unwittingly enter your password.
Are you unsure of whether your business is susceptible to a cyber attack? At NEBRC, we conduct in-depth business vulnerability assessments that identify your weaknesses and provide effective remediations.
Strengthen Your Cyber Resilience With the North East Business Resilience Centre
At NEBRC, we’re a police-led not-for-profit organisation that’s dedicated to your cyber security. We work closely with you to keep your data safe and reduce your risk of cyber attack.
Visit our website to find out about our Business Vulnerability Assessments. Or check out our Security Awareness Training to make your employees the first line of defence against a cyber attack. Or sign up to our free core membership to keep up to date with the latest cyber security matters and keep your business safe online.