Hard Cyber
September 2017
How to avoid email scams and cybercrime
With official figures showing that fraud and cybercrime are now the most common criminal offences1 in the UK, Equiniti’s cybercrime experts reveal their top tips to avoid falling prey to fraudulent emails.
It is 25 years since the first email was sent and in that time it has become ubiquitous across business as the communication method of choice. More recently we have seen the majority of household and personal bills shifting to email. While the convenience of email benefits the customer, it also plays into the hands of would-be criminals who have become very good at mimicking official correspondences.
Unsure recipients should follow these six tips:
If you didn’t ask for it, then immediately treat it as suspicious until you can prove otherwise. Remember, if it causes you any doubt then do nothing. Urgent legitimate unsolicited communication can always be resent to you.
If the email asks you to respond via email, click reply and look at the displayed ‘To’ field. The email might tell you it’s from your CEO but your reply is being sent elsewhere, e.g. ‘[email protected]’
Criminals will try to get you to open an attachment that may compromise your computer.
Phishing requires you to act in order for the attack to be successful. Any communication that requires you to immediately do something should cause you to stop and consider what the communication is actually asking you to do. The use of fear and alarm are common tactics to lure potential victims to engage. This could be an email from your CEO, your bank or even an email from a trusted friend.
Spammers will often try to trick you using sub-domains that don’t match the origin sender for example: http:// paypal.paypal-payments.com.digi1-pay.net does not belong to Paypal. Phishing sites are hosted on websites that are not related to who they say they are, so check a link carefully before you decide to click it. You can do this by hovering over the link with your mouse.
Communications must prove themselves to be legitimate. If it gives you any cause for concern, delete it.
The most important thing is to understand what phishing (whereby someone steals your personal information by way of impersonation) actually is. Be aware that criminals will constantly try to motivate you to handover your information through trickery and fear. These attacks will come into your work life and your personal life so make sure you understand that it is entirely possible for someone to impersonate someone within your organisation, to try and force you to hand over private details.
