Have you ever received an email that seemed too good to be true or one that left you feeling confused or concerned? If so, you may have been the target of a scam email. Scammers use a variety of tactics to try to trick you into giving them money, personal information or access to your computer.
Social Engineering is a term describing how cybercriminals research both your business and employees. Employees not in the IT field often aren’t as aware of cyber threats as those that are, so criminals target these employees through human vulnerabilities or social engineering.
These days there are so many different types of scams that it can be hard to keep track of all of them. This article will try to explain some of the most common ones you might encounter, both personally and as a business.
Spam: spam is an unsolicited email, text or social media message. It is fairly easy to spot but can be damaging if you open it or respond. Think of spam like junk mail: it’s about sending unsolicited emails about products and services to bulk lists. Common types of spam include coupons, adult content, donation solicitations and unwanted newsletters. They are usually commercial in nature and not inherently malicious, just a nuisance.
According to Guardian Digital, spam email accounted for 54 per cent of global email traffic in 2020. Even though, on average, spammers only receive one reply for every 12,500,000 emails sent, spam emails are seen as highly profitable due to the sheer number of emails sent per day and the fact that the expense of these emails is borne mainly by recipients.
Phishing: phishing is an email sent by a cybercriminal that is disguised as an email from a legitimate and trustworthy source, like a telco, bank or the ATO. The message is designed to lure you into clicking a link that installs malware onto your computer, which then captures any personal information or login credentials you enter, or into directly revealing sensitive or confidential information on the site they send you to. Phishing scams are often used to target specific individuals who have access to valuable data, such as HR or finance employees. They use social engineering to create highly convincing emails. Identity theft often results from being a victim of phishing. Similarly, Vishing is this process carried out by voice, like phone calls, and Smishing is this process carried out through SMS chats.
According to Astra, 92 per cent of Australian organisations suffered a successful phishing attack in 2022, showing a 53 per cent increase from 2021. As phishing is one of the most common types of email scams, there is a range of clues to help you recognise one:
- Messages requesting your username and/or password
- Time-sensitive threats, like how something will happen if you don’t respond immediately
- Spelling and grammar mistakes throughout the email
- Vague or missing information in the ‘from’ field or email signature
- Vague, impersonal or awkward greetings
- Any unexpected files attached to the email or downloading automatically
- Links that don’t refer to the sender/organisation
- Emails about accounts you don’t have
- Emails ‘from’ celebrities
- Requests that you reply to opt out of a service
- Highly emotional or charged language
If you’re unsure whether an email is legitimate, always go to the sender’s website directly in your browser, not through a link in the email, or call the sender.
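Several of the clues above can also be checked automatically, for example when triaging emails that staff report as suspicious. The following Python is an added example, not part of the original article; the keyword patterns, function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Keyword patterns are illustrative assumptions, not a vetted ruleset.
TEXT_CLUES = {
    "requests username/password": r"\b(password|username|log ?in details)\b",
    "time-sensitive threat": r"\b(immediately|within 24 hours|will be (suspended|closed))\b",
    "impersonal greeting": r"^\s*dear (customer|user|sir|madam|account holder)\b",
    "reply to opt out": r"\breply\b.{0,40}\b(opt out|unsubscribe)\b",
}

def registered_domain(host):
    """Crude last-two-labels comparison. It is wrong for suffixes such as
    .com.au; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_clues(raw_email):
    """Return the clues found in a single-part, plain-text email."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload()
    found = [name for name, pattern in TEXT_CLUES.items()
             if re.search(pattern, body, re.IGNORECASE | re.MULTILINE)]
    # Clue: vague or missing information in the 'from' field.
    _, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    if not sender:
        found.append("vague or missing From field")
    # Clue: links that don't refer to the sender/organisation.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if registered_domain(host) != sender:
            found.append(f"link does not match sender: {host}")
    return found

# Constructed sample message using reserved example domains.
SAMPLE = """\
From: "Example Bank" <alerts@bank.example.com>
Subject: Account notice

Dear customer,
Your account will be suspended unless you confirm your password immediately.
Sign in here: http://bank-example.login.example.net/verify
"""

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE):
        print("-", clue)
```

A match is a reason to look more closely, not proof of phishing, and an email with no matches can still be malicious.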
Spear Phishing: this occurs when criminals find information about you from websites or social media and then customise a phishing scheme for you.
Spoofing: when criminals impersonate another individual or organisation with the intent to gather personal or business information.
Pharming: when a malicious website impersonates a legitimate website to gather usernames and passwords. This can happen by creating websites with similar URLs or by covering up QR codes with codes linked to malicious websites.
419 Scam: also known as the Nigerian Prince scam. In this type of email, the sender will claim to be a wealthy individual or a government official who needs your help transferring large sums of money out of their country. They will offer you a percentage of the money in exchange for your assistance, but in reality, they are just trying to trick you into giving them your personal information or money.
Lottery/Prize Scam: these emails will claim that you have won a large sum of money or a prize, but to claim it, you need to pay a fee or provide your personal information. Of course, there is no prize, and the scammers are just trying to trick you into giving them your money or personal information.
PayPal/PayID Scam: this one originates from selling products online, such as through Facebook Marketplace, and while not directly related to your business, it might be beneficial to inform your employees of it. Essentially, when you list an item to sell, you will often receive a message from someone wanting to immediately purchase the item without wanting to see it. They often try to garner sympathy, explaining how their family member will pick it up, and then ask for the email connected to your PayPal or PayID account. They then explain how they’ve tried to send the money, but have received an email telling them that they need to send $500 more to expand your transfer limit. When you look at your email, you find you have this email too, and they demand your promise that you will send the $500 back if they send it through. The entire operation is a scam: the email is one that they created, and you will never receive any money.
Unknowingly falling for any one of these attacks can cause your business’s data to be stolen, and can cause financial loss, reputational damage, significant business downtime and even permanent business closure.
As a business owner or decision-maker, it is your responsibility to build a culture of Cyber Security awareness in your company and fill in the gaps in your team’s Cyber Security knowledge and understanding. If you need tips on how, contact your MSP for help.
You can mitigate spam and phishing attempts by implementing a layered cloud email security solution with the help of your MSP.
It’s important to be vigilant when it comes to scam emails. By understanding the different types of scams, you can better protect yourself and your personal information. Remember, if an email seems too good to be true or makes you feel uncomfortable, it’s probably a scam. Be sure to never give out your personal information, click on suspicious links or attachments or send money to someone you don’t know. By staying informed and cautious, you can help protect yourself from scam emails.