When Familiarity Breeds Complacency – How to Identify Authentic Emails

For many, a daily routine exists from the moment they sit at a desktop or take their first swipe of a tablet. It involves identifying important emails in your inbox and disregarding the spam. In most instances, this is a tedious yet simple task. We click on emails from contacts we know, or from an organisation we trust, and delete those we have no interest in. We look for the familiar and discard the unknown. It is a routine that drains time but a system that in the past has kept us reasonably safe from hackers. Repetitive yet necessary.

However, cybercriminals, ever the innovators, have recognised in this complacency an opportunity. The most recent case involved the cloud-based document sharing platform, Google Docs. A deceptive email began to circulate that invited recipients to click a link to access a document. The email looks authentic, with the hackers naming individuals known to the intended victim. This familiarity has led people to click without concern, offering unsavoury individuals access to their email account, and with it the personal details involved in correspondence with friends, colleagues and clients.

The Google Docs scam played on complacency and isn’t the only example. Courier companies have been given a similar treatment. The major players, including UPS, DPD and DHL, have all been subjected to imposter communications. Recipients are asked to click a link to access more information about a parcel or have been asked for a payment to release goods. The email bears all the hallmarks of the courier company named, with authentic branding and logos. Unfortunately, it is an illusion, with the attached link giving hackers access to your system, and the ability to fraudulently harvest details and payments from unsuspecting victims.

The biggest issue is that if you have interacted with a company or individual before then, you will have little reticence in doing so again. Cybercriminals play on this complacency and use it to their advantage. However, there are simple ways to avoid being duped:

  1. Stop and search for inconsistencies. Pause and consider whether the email looks identical to others you have received. Are there any slight variations? Check the company’s website, to ensure the branding and logo really do match up. If in any doubt delete the email, or call the company to ask whether they have, or ever would, ask for the details requested. 
  1. Hover over the link. The simplest test to see whether an email is from who it claims to be from is to hover over the link and check the URL displayed. It will become immediately obvious that the email is fake if the URL has no relation to the company is has supposedly been sent from.

The key message is vigilance. Understanding there are risks and taking the time to analyse the situation before it unfolds can mean the difference between defence and disaster.