I received a phone call today from a gentleman (who shall remain anonymous) about email scams and email security. He had received a threatening email claiming “to have set up malware on an adult web site that was recording the gentleman through his webcam”. The email arrived at his work email address and he was obviously concerned and embarrassed by the content. Even though he hadn’t been viewing adult websites, he was too embarrassed to mention it to his IT department (as he didn’t think they would believe his innocence). He remembered recently reading an article by Digital Pathways in which we had alerted people to this scam, so he called for advice and, I guess, some reassurance. Here are the links to the articles in EssexLive, Daily Mail & The Mirror.
These scams are malicious and can have a devastating effect. Our previous articles state that there have been instances whereby people have committed suicide as a result of these horrible threats and perfectly stable relationships have broken down.
It is thought that around £30 million per year could be made from threatening innocent people. If you pay the demand, you will undoubtedly receive more unsubstantiated threats and demands for payment.
Our recommendation is to ‘delete’ the email. If you feel comfortable doing so, report it to your IT department. They can then decide whether they want to investigate further and put the necessary defences in place to block future emails from the sender.
“DO NOT PAY THE DEMAND”
This leads me to email security in general, and some basic recommendations on how to stay safe.
- Learn to recognise fake emails and websites (see a more detailed description on how to do this below)
- Recognise incorrect URLs
- Do not use unsecured websites (look out for the padlock symbol in the URL bar)
Recognising malicious and fake emails.
- Firstly, check the address the email is coming from. Email scammers can use extremely clever ways to make it look like the email is coming from a legitimate sender, either by creating similar-looking email addresses or by masking the sender under a legitimate address. The simplest way to check this is by hovering over the email sender. Does the address match the genuine address? The real address underneath a spoofed sender usually looks quite unusual.
- Recognising incorrect URLs: the links in spoof emails usually don’t match the genuine URLs of legitimate websites. Again, these can be checked by hovering over the link. If you are unsure, DO NOT CLICK ON THE LINK!
- Genuine websites will have the padlock symbol, especially if they are from well-known brands or official sites, like banks and government websites. The padlock only shows that the connection is encrypted, so a scam site can display one too; still check the address itself.
2 out of 3 phishing attempts use malicious links and over half contain malware. Please be vigilant. If you are unsure, please contact the official company or contact directly.
Companies can and should invest in a security solution that can identify an attack and stop it before it reaches your inbox. For more information on email security, you can check out some of your other options here.