Week 6: Email Impersonation

  • Security
  • October 31, 2018
  • FCU Team

Right now, in 2018, more than 3.8 billion people are using email. In other words, over half of the entire planet. On top of that, 75% of those folks say that they check their email on their mobile device. So, it should come as no surprise that fraudsters are taking notice and redirecting their schemes in an attempt to target one of our generation's primary forms of communication.

What may be even worse is that these criminals aren’t just targeting you on your personal accounts, but are finding ways to go after you when you’re on the clock. There are a few different ways they could try to compromise your information, so it’s important to know what you’re up against. Here’s what to look out for:

Password Reset Requests

One of the more common ways that you might be targeted is via phony password reset prompts. These emails contain links that lead to phishing sites where your information could be captured and used by crooks. 


How to fight back: 

Visit the site directly. 

When using a desktop you can hover over a link to see where it leads, but since we know that most people check their emails from their mobile device, this isn't always an option. Take the extra step and visit the company's site directly. If you need to reset a password, log in directly from their site and avoid the potential risk of having your information compromised.

CEO Fraud

Another type of email fraud that has been on the rise in recent years comes in the form of impersonating upper management or executives within an organization. The way these scams typically work is that over a period of days or weeks the fraudster will build a relationship with an employee in an attempt to gain their trust. They do this by telling the employee that they have an important task or job they want to entrust them with and then eventually will ask for a large sum of money to be sent.

 


How to fight back: 

Check with the sender

Make sure that any request for a money transfer comes from the right person! Grab the phone and give them a call to verify that the request is legitimate. Better yet, communicate with them face-to-face about the request. They’ll thank you later!

Misleading Email Address 

Maybe you've recently been job hunting online, or searching Craigslist for a particular item of interest. Either way, someone has taken notice and might attempt to target you using that information. Oftentimes crooks will respond to ads online or post catchy ads to bait people into giving out their information.

 

How to fight back: 

Check for typos

Seriously. We know it sounds like common sense, but as you've probably guessed, it's not all too common with this particular group. Typos, grammatical missteps and spelling errors could be glaring signs of something not being quite right.

Read the "From" address carefully

Have you ever noticed that a lowercase L (l) and uppercase i (I) look exactly alike in certain fonts? You should know that the crooks have noticed as well and are taking full advantage. Oftentimes crooks will set up phony email addresses with these interchangeable characters in an attempt to make them appear legitimate. Take your time and verify the "From" address if something doesn’t seem quite right.
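
A mail filter or help desk script can do this "From" check mechanically. The following is an added example, not part of the original post: it folds look-alike characters together and compares the sender's domain with a list of domains you trust. The domains and sample "From" lines are constructed, and the check goes a little beyond the l/I case in the text by also folding digit swaps such as 1 for l.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): replace with the domains you really deal with.
TRUSTED_DOMAINS = {"hilltop-cu.example", "payroll.example"}

# Characters that look alike in many fonts, each mapped to one representative.
# Two-character pairs come first so "rn" is folded before single letters.
CONFUSABLE = [("rn", "m"), ("vv", "w"), ("I", "l"), ("1", "l"), ("0", "o")]


def skeleton(text):
    """Fold look-alike characters so visually identical strings compare equal."""
    for src, dst in CONFUSABLE:
        text = text.replace(src, dst)
    return text.lower()


def check_sender(from_header):
    """Return (verdict, domain, imitated_domain) for a raw From header value."""
    _display, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", "", None)
    domain = address.rpartition("@")[2]
    # A genuine match is decided on the real characters, ignoring case only.
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain, None)
    # Same appearance but different characters: someone is imitating a trusted domain.
    folded = skeleton(domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if folded == skeleton(trusted):
            return ("lookalike", domain, trusted)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed From lines: one genuine, two imitations, one unrelated sender.
    samples = [
        "Member Services <alerts@hilltop-cu.example>",
        '"Member Services" <alerts@hiIltop-cu.example>',  # capital i in place of l
        "HR <forms@payro11.example>",                      # digit 1 in place of l
        "A Friend <friend@mail.example>",
    ]
    for line in samples:
        print(check_sender(line), "<-", line)
```

A "lookalike" verdict means the domain only appears to be one you trust; "unknown" simply means the sender is not on your list and says nothing either way.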

 

If you receive a suspicious email while at work, don’t hesitate to reach out to your Information Services team for advice. If you're worried about potentially having your information compromised on your own time, don't take any risks. It's as simple as deleting the message. 

Sources:

https://www.knowbe4.com/

 2018 Radicati Group study

 

 
