Recently we have received a lot of reports of email scams. However, these are becoming harder to spot, especially when the email comes from one of your work colleagues' real email accounts.
What does it look like?
How does the scam work?
This style of email appears to come from one of your colleagues. If you open the PDF attachment, it sends you to a web page asking you to enter your OneDrive email address and password. However, this login page is not actually OneDrive. The scammers are harvesting OneDrive passwords, so as soon as you have 'logged in' to this fake page, they have your details.
With these details, they have access to all your emails, which could include customer contacts. Once they gain access, the same scam email is sent from your account. The issue with this scam is that it's not a spoofed email; it's a genuine email, as it has come from your account, so recipients won't suspect anything. There is also no virus in this email, so it won't get flagged and caught by spam filters.
It doesn't end there. The scammer then creates rules in your Outlook account so that any reply is deleted automatically before you see it. The scammer will also wait for large payments that your clients make to your company, then send them an email saying you have changed your bank details and that payment should be sent to a new account. This of course is not the case, and your clients end up paying the scammer large amounts of money because of an email sent from your account.
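The inbox rules described above are one of the most reliable things to check for after a compromise, because they persist after the password is changed. As an added example, not from the original post, the Python audit below flags rules that delete or hide incoming mail, forward it outside the company, or key on reply and payment keywords. The rule records are constructed sample data; the field names are assumed to mirror an Exchange Online `Get-InboxRule` export (an assumption, not something the post states), and `example.com` is a placeholder for your own domain.

```python
"""Audit mailbox inbox rules for the patterns used in this scam.

Added example, not from the original post. Sample rules are constructed;
the attribute names are assumed to mirror a Get-InboxRule export.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

INTERNAL_DOMAIN = "example.com"  # placeholder for the company's own domain

# Words a scammer filters on so that replies and payment queries vanish
REPLY_WORDS = {"re:", "reply", "invoice", "payment", "bank", "account"}
# Folders where moved mail goes unnoticed
HIDDEN_FOLDERS = {"deleted items", "junk email", "rss feeds", "archive", "conversation history"}


@dataclass
class InboxRule:
    name: str
    enabled: bool = True
    delete_message: bool = False
    mark_as_read: bool = False
    forward_to: List[str] = field(default_factory=list)
    redirect_to: List[str] = field(default_factory=list)
    move_to_folder: Optional[str] = None
    subject_contains: List[str] = field(default_factory=list)
    from_contains: List[str] = field(default_factory=list)


def _is_external(addr: str) -> bool:
    """True when the address is not in the company's own domain."""
    return not addr.lower().endswith("@" + INTERNAL_DOMAIN)


def findings_for(rule: InboxRule) -> List[str]:
    """Return the reasons an enabled rule looks attacker-created (empty if clean)."""
    reasons: List[str] = []
    if not rule.enabled:
        return reasons
    if rule.delete_message:
        reasons.append("deletes matching mail")
    if rule.move_to_folder and rule.move_to_folder.lower() in HIDDEN_FOLDERS:
        reasons.append(f"hides mail in '{rule.move_to_folder}'")
    external = [a for a in rule.forward_to + rule.redirect_to if _is_external(a)]
    if external:
        reasons.append("forwards/redirects to external address: " + ", ".join(external))
    hits = {w.lower() for w in rule.subject_contains} & REPLY_WORDS
    if hits:
        reasons.append("keys on reply/payment keywords: " + ", ".join(sorted(hits)))
    if rule.mark_as_read and (rule.delete_message or rule.move_to_folder):
        reasons.append("marks as read so the mailbox owner never notices")
    if len(rule.name.strip()) <= 2:
        # Scammers often name rules "." or "," so they are easy to overlook
        reasons.append("near-empty rule name")
    return reasons


def audit(rules: List[InboxRule]) -> Dict[str, List[str]]:
    """Map each suspicious rule name to its findings; clean rules are omitted."""
    return {r.name: f for r in rules if (f := findings_for(r))}


# Constructed sample export: one scam-style rule, one external forward,
# two legitimate rules and one disabled leftover.
SAMPLE_RULES = [
    InboxRule(".", subject_contains=["RE:", "invoice", "payment"],
              delete_message=True, mark_as_read=True),
    InboxRule("Newsletters", from_contains=["newsletter@"], move_to_folder="Newsletters"),
    InboxRule("Forward copy", forward_to=["finance-copy@external.invalid"]),
    InboxRule("Send to colleague", forward_to=["colleague@example.com"]),
    InboxRule("Old rule", enabled=False, delete_message=True),
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_RULES).items():
        print(f"SUSPICIOUS rule {name!r}:")
        for reason in reasons:
            print("  -", reason)
```

Run it against a real export by building `InboxRule` objects from each mailbox's rules; anything it lists should be reviewed with the mailbox owner, and an audit of every mailbox (not just the one that was reported) is worthwhile, since the same credentials may have been used to send the scam on to colleagues.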
Ten tips to avoid email scams
1. Ensure your business is up to date with the latest technology
2. Have strong passwords which are ideally changed every three months
3. Have antivirus and monitor your systems, ensuring these have the latest updates
4. Knowledge: ensure all staff are educated on the latest scams and share your knowledge
5. Don’t click on any links or attachments that you suspect could be unsolicited or unexpected
6. Don't respond to emails requesting your personal or financial information or your passwords
7. Don’t log in to a web page that you have reached through a link in an email
8. Remember fraudsters can create websites that look similar to the real supplier or banks to capture your information
9. Emails can be spoofed; if something doesn't look right, contact the sender via another method (not email)
10. Implement a protocol for suspicious emails, whether it's your IT provider checking them, a spam filter or a policy for new payees
What to do if you or your business fall victim to a scam email:
1. Report the incident to Action Fraud
2. Call and inform your IT provider
3. Inform everyone who may have been affected both internally and externally to the company