Most of us will by now have settled into a daily “work from home” routine. Things may be starting to feel slightly less alien as working from home becomes “the norm”.
Unfortunately, we have seen an increase in reports of spam and phishing emails, as fraudsters take advantage of people’s insecurities and confusion. Fake account holders try to access personal or login information in many different ways.
Please remember these fundamental questions to ask yourself if you receive an email you are not sure of:
- Do you recognise the sender?
- Does the From Name match the From Address?
- Does the email ask you to provide information that you should not divulge by email?
- Is there an attachment that you did not expect?
- If you recognise the sender, does the content match the style and format the sender usually uses?
- If there are links in the email, do not click them. Instead, hover your mouse over the link text (without clicking) to see where each link leads. Are you confident that each link is genuine?
If you recognise the sender but are not 100% sure, check with the sender by telephone before opening. Please use the company’s advertised number, not the number in the questionable email as that might be a fake.
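A mail administrator can automate two of the checks above: whether the From name matches the From address, and whether each link leads where its text claims. The script below is an added example, not part of the original article; the sample message, the `TRUSTED` domain set and the name-matching heuristic are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"example.com"}  # assumption: domains this sender legitimately uses
# Constructed sample, not the email from the article; all domains are placeholders.
SAMPLE = '''From: "Notify scott.magee" <firstname.lastname@example.org>
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/cancel">https://portal.example.com/cancel</a>
<a href="https://portal.example.com/help">Help</a>
'''

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, self._text.strip()))
            self._href = None

def trusted(host):
    return any(host == d or (host or "").endswith("." + d) for d in TRUSTED)

def triage(raw):
    msg, findings = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg.get("From", "")))
    # Heuristic: flag when no word of the display name occurs in the address.
    words = [w for w in name.lower().replace(".", " ").split() if len(w) > 2]
    if words and not any(w in addr.lower() for w in words):
        findings.append(f"From name '{name}' does not match <{addr}>")
    body, parser = msg.get_body(("html",)), Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.found:
        dest = urlparse(href).hostname  # the "hover" check: the real destination
        if not trusted(dest):
            findings.append(f"link leads to untrusted host {dest}")
        shown = urlparse(text).hostname if "://" in text else None
        if shown and shown != dest:
            findings.append(f"link text shows {shown} but leads to {dest}")
    return findings
```

Calling `triage(SAMPLE)` returns three findings: the From mismatch, the untrusted link host, and the link whose visible text names a different host than its destination.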
Here is a real example of a phishing email received this morning, and another fraudulent email that somebody received last week, to show you how to spot them as fakes:
Example 1 – Phishing Email
My Office 365 Services are on a Microsoft Office 365 platform, provided by Cirrus IT Services (UK) Limited.
In the “From” field, the displayed name is “Notify scott.magee”, but the actual sender address, shown in the angle brackets, is firstname.lastname@example.org.
Hovering over the “CANCEL REQUEST” button in the email reveals a fake link preview, not a safe Microsoft or Cirrus IT Services website.
Example 2 – Fraudulent Email
Fake emails like this should set off your alarm bells straight away. The subject, “Congratulations.. Open attachment below for more details.”, concerns a lottery win; there is no visible sender, and the email is addressed to “Recipients” rather than to a named recipient.
Do not open the attachments; delete the email or mark it as spam.
There are some even more sophisticated scams and fraud emails in circulation that are harder to spot. But, if you follow a few steps, you will be able to identify most of them as fraudulent before they do any damage.
You should use layered security wherever possible.
A reliable mail filter scans mail as it arrives, checking for viruses and known threats. Perceived threats are stopped, and you are given the option to review and release them from a secure environment without clickable links or attachments.
The next layer of security should be a gateway firewall, either as part of your router or – for larger organisations – a separate appliance.
Antivirus software is another layer of protection. Choose a different security provider to the mail filter to maximise your chances of the software engine recognising the threat and stopping it.
If your antivirus does not include a firewall, then you should also be using a local machine firewall or the inbuilt Windows Firewall.
It is important to remember that there is not any single software or hardware solution available that will fully protect you from all threats. The most common way for a fraudster to obtain information from you is to fool you into providing them with information. Gaining access to your data can cause financial damage or harm your reputation. The techniques are becoming ever more advanced.
If you follow the advice in this guide, you will be able to prevent most of these attempts.
If you are not sure, verify first before opening any attachments or clicking on any links.