- 13th January 2020
- Posted by: Phil Aston
- Category: Security
It’s thought that 91% of all cyber-attacks start with a phishing email.
Even if ‘phishing’ isn’t a term with which you’re familiar, you’ve probably been targeted. At some stage during our working and personal lives, we all receive an email that purports to be from a source that it isn’t.
Sometimes, the clues are there: dodgy logos, odd email addresses, poor grammar – but email scams and attacks are becoming increasingly sophisticated and harder to spot.
That means it’s easier than ever to be tricked.
Here are the most common email scams and hacks you should be aware of.
This is often the starting point for a hacker. By gaining access to your email account, they quickly configure an email forwarder which sends a copy of all your incoming email to them.
This happens entirely without your knowledge and enables the attacker to build a detailed knowledge of your email activity. Incoming invoices, order confirmations, confidential exchanges, password resets; it’s all there for them to see.
Email forwarders require patience, but the pay-off is big for hackers who want to find opportunities to steal your personal data and use it for illegitimate financial gain.
Would you notice the difference between an email address ending with abccompany.co.uk and one with abccommpany.com?
That additional letter might be all that’s required for a hacker to fool you into thinking they’re from a legitimate supplier.
Alternatively, they may simply choose to register a domain name with a different extension such as .net. Again, these are tricky to spot if you’re using your phone on the move or you’re in a hurry.
This is a clever but cruel trick which relies on precise timing to be effective.
Let’s say you’re waiting for a follow-up email from a supplier containing their bank details. It arrives, and you think nothing of noting down the bank details and transferring the money accordingly.
Only, that follow-up email wasn’t sent from the supplier – it was sent from a spoof account, owned by someone who has been watching your exchanges from afar and who had the foresight to set up a domain name spookily close to that of the real supplier.
These kinds of scams are incredibly tricky to spot, but once again point to the importance of checking that ‘sent from’ email address before acting on the instructions.
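The ‘sent from’ check described in the two scams above (a near-miss spelling or a different extension of a supplier’s domain) can be partly automated at the mail gateway or in a reporting tool. The following Python is an added example, not part of the original article; the trusted-supplier list and the suffix list are constructed sample data, and the function names are hypothetical.

```python
# Added example: flag sender domains that imitate a trusted supplier domain.
# TRUSTED and TWO_LEVEL_SUFFIXES are constructed sample data (assumptions).
TRUSTED = {"abccompany.co.uk"}
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}  # sample, not a full public suffix list


def split_domain(domain):
    """Return (name, suffix), e.g. 'abccompany.co.uk' -> ('abccompany', 'co.uk')."""
    labels = domain.lower().rstrip(".").split(".")
    n = 2 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 1
    if len(labels) <= n:
        return domain.lower(), ""
    # Anything left of the registrable name (subdomains) is ignored.
    return labels[-n - 1], ".".join(labels[-n:])


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched trusted domain or None).

    verdict is 'trusted', 'lookalike' or 'unknown'. Pass the real sender
    address from the message header, not the display name.
    """
    domain = address.rsplit("@", 1)[-1].strip().strip(">")
    name, suffix = split_domain(domain)
    closest = None
    for good in sorted(trusted):
        good_name, good_suffix = split_domain(good)
        if (name, suffix) == (good_name, good_suffix):
            return "trusted", good
        # Same name on another extension, or a near-miss spelling of the name.
        if name == good_name or edit_distance(name, good_name) <= max_distance:
            closest = good
    return ("lookalike", closest) if closest else ("unknown", None)
```

A ‘lookalike’ verdict is a prompt to confirm bank details with the supplier through a known phone number, not proof of fraud; short domain names will produce more false matches at the default distance of 2.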
Compromising the supplier
We’ve seen plenty of instances of big-name data breaches, and that means it’s not unusual for suppliers’ email accounts to be hacked and used to fool customers.
This happened to US-based United Rentals earlier this year. The firm’s customers consequently received a number of fake invoices, and you can hardly blame them for assuming their legitimacy, given that everything appeared to check out.
Once a hacker gains control of a supplier’s email account, the world really is their oyster, but this illustrates how important it is to contact the supplier directly if you receive something that you’re not expecting.
You might be inclined to think that a PDF attachment is safe, but they can be just as harmful as dodgy links or other types of attachment.
PDFs can be intercepted and edited by hackers. A change of bank details might be all that’s required to fool the recipient and is unfortunately rather difficult to spot.
Keylogging is a hacking technique that’s been around for quite some time and is often used in conjunction with email scams.
Keyloggers are pieces of rogue software which silently install themselves on computers and record the key presses made by the user. This enables hackers to identify password entries and steal login details.
Combined with the information they can obtain by gaining access to your email inbox, keyloggers effectively open your digital world to hackers. Clueing up on cyber threats and how to beat them is therefore a very good use of your time.
Email hacks aren’t always based solely on computer wizardry – they often rely on something far more cruel: social engineering.
This is a process used by hackers to gain access to information by tricking people into handing it over. They’ll often pretend to be someone else or convince you that handing over confidential information is in your best interests. This might be done over email or via the phone.
For instance, imagine the hacker who takes on the persona of your boss (who he knows is on holiday thanks to an email forwarding hack). Rather than sending email from the boss’s work account, the hacker instead sets up a Gmail account in the boss’s name and sends you an email explaining that’s the best way to get in touch with him during the holiday.
Would you believe him? You wouldn’t be alone, if so.
Help is at hand!
As you can see, email scams are meticulous, clever, and prey on good human nature. They can be spotted, though – if you have the right knowledge and IT support.
There’s no escaping the fact that we’re all likely to be targeted with scams of this kind regularly during 2020.
Therefore, if you’re concerned about your cyber safety, please get in touch with the friendly team at Compex – we’ll help you become more cyber aware.