The online world is teeming with scammers and con artists, and it is up to each one of us to understand and secure ourselves against this growing criminal activity. Email, a convenient and powerful communications tool, is unfortunately a vulnerable target and gives malicious individuals online an easy means of luring potential victims.
A recent article in the Jakarta Post highlighted the modus operandi of the cyber criminals, who were ‘illegally monitoring and hacking the emails and asked the two American companies to transfer money to an Indonesian account by saying that bank accounts were undergoing an audit.’
Some other businesses have lost large amounts through email fraud. The scams that criminals attempt range from old-fashioned bait-and-switch operations and phishing schemes to increasingly sophisticated social engineering and identity theft, using a combination of email and bogus web sites to trick victims into divulging sensitive information.
- Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use spam, malicious web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts, usernames and passwords.
- Spear phishing is a highly specialized attack against a specific target or small group of targets to collect information or gain access to systems. For example, a cyber-criminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open the email.
- Social engineering is a strategy for obtaining information people wouldn’t normally divulge, or prompting an action people normally wouldn’t perform, by preying on their natural curiosity and/or willingness to trust. Perpetrators of scams and other malicious individuals combine social engineering with email in a number of ways.
- Identity theft is a two-step process. First, someone steals your personal information. Second, the thief uses that information to impersonate you and commit fraud. It’s important to understand this two-step approach, because your defenses also must work on both levels. Stealing your identity information isn’t the worst of the crime; it’s what the criminal does with the information that’s damaging: credit card fraud, mortgage and utilities scams, and emptied bank accounts.
- Trojan horse email offers the promise of something you might be interested in—an attachment containing a joke, a photograph, or a patch for a software vulnerability. When opened, however, the attachment may create a security vulnerability on your computer or even install software that can remotely monitor and collect your information.
You can minimize your chances of falling victim to an email scam by understanding what these scams are, what they look like, how they work, and what you can do to avoid them. Some recommendations:
- Filter spam.
- Don’t trust unsolicited email.
- Treat email attachments with caution.
- Don’t click links in email messages.
- Install antivirus software and keep it up to date.
- Install a personal firewall and keep it up to date.
- Configure your email client for security.
- Be careful about what personal information you divulge via social networks. Scammers can gather a lot of information about you when accessing these networks. Social networks can display personal information such as your full name, birthdate and the city that you live in. Check the privacy settings on your social accounts to be sure that information is only visible to trusted friends and family.
- Watch out for “shoulder surfers” who look over your shoulder while you are on your computer or phone in a public place.
- Don’t store any sensitive information about yourself or your bank accounts on your computer.
- When disposing of old technology, be sure to completely wipe all information from the device. The best thing you can do is restore the device to factory settings if it is a mobile phone or tablet, or erase the hard drive if it is a computer by installing a clean version of the operating system on the hard drive.
- Use unique, secure passwords for each site you visit.
Email scams have been around practically since the inception of the Internet, and it doesn’t look like they are going away any time soon. Fortunately, there are ways to avoid becoming a victim yourself.