Scams

Scams are nothing new. People have been engaging in fraudulent activities, scamming, conning, grifting, etc. for centuries. Just look at kids! If you do <something> / give me <something>, I’ll be your best friend. There are so many scams that, by this point in time, I would have expected you to have experienced at least one attempt.

Scamwatch states that a scam is:

When someone deceives you into providing personal or financial information so they can steal from you

They go on to say that scams are often built around these concepts:

  • An amazing opportunity to make or save money
  • Someone you haven’t met needs your help – and money
  • The message contains links or attachments
  • You feel pressured to act quickly
  • They ask you to pay in unusual or specific ways
  • They ask you to set up new accounts or PayIDs

What they’re actually targeting are things you don’t (fully) understand. They’ll try to make you panic or make snap decisions; target naivety; appeal to a frugal or greedy nature; or hope you desperately need money.

In short, they’re not very nice. And if they’ve been successful with you in the past, they’ll continue to target you.

In the past, a few of our clients have received emails from an external source claiming to be their CEO or a marketing employee requesting that the financial staff provide them with gift cards for clients. Fortunately, this set off alarm bells because it was a weird request given their type of business, and there was a big note on the email flagging that it had originated from an external source (not within the same email domain).

The email itself was from an obviously unrelated Gmail account. Presumably the sender was hoping that the recipient wouldn’t look at more than just the name. For example: Australian Tax Office <totallyunrelated9875@gmail.com> is not from the ATO. The sender has just set up the Australian Tax Office moniker in the settings of their email client. In this example, the scammer set their Gmail name to be the ATO.

In one of our client’s cases, the staff member got the wrong end of the stick and assumed that the CEO’s email had been hacked. I would prefer a short overreaction to simple compliance. Once I saw the email in question and explained it as per the above, everyone calmed down. The next couple of days saw a few repeat cases across the company.
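The display-name trick described above can be checked mechanically. The following is an added example, not code from this article or from any mail product: it parses a From header and flags an external sender and a trusted name paired with the wrong domain. The domains and the name "Jane Citizen" are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions (constructed for this example): our own mail domain and the
# names we expect to be impersonated, mapped to the domains they really use.
INTERNAL_DOMAINS = {"example.com.au"}
PROTECTED_NAMES = {
    "australian tax office": {"ato.gov.au"},
    "jane citizen": {"example.com.au"},  # hypothetical CEO
}

def normalise(name):
    """Lower-case and collapse whitespace so 'JANE  Citizen' still matches."""
    return " ".join(name.lower().split())

def check_from(header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(header)
    if "@" not in address:
        return ["unparseable sender address"]
    domain = address.rpartition("@")[2].lower()
    warnings = []
    # The "originated from an external source" banner.
    if domain not in INTERNAL_DOMAINS:
        warnings.append("external sender")
    # A trusted name on an address from somewhere else entirely.
    expected = PROTECTED_NAMES.get(normalise(display))
    if expected is not None and domain not in expected:
        warnings.append(f"display name '{display}' does not match domain {domain}")
    # A display name that itself looks like an address hides the real one.
    if "@" in display and normalise(display) != address.lower():
        warnings.append("display name contains a different email address")
    return warnings

if __name__ == "__main__":
    for sample in (  # constructed sample headers
        "Australian Tax Office <totallyunrelated9875@gmail.com>",
        "Jane Citizen <jane.citizen@example.com.au>",
        '"jane.citizen@example.com.au" <someone123@gmail.com>',
    ):
        print(sample, "->", check_from(sample) or "ok")
```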

Protect yourself before they arrive

This next section isn’t just for scams, but advice that covers scams and bad files / images that may be sent to you.

Block image / attachment auto-load

Why? Even file types that you recognise can contain things that are specifically crafted to let the bad guys gain a foothold in your computer. Remote files (like images) are living on a server somewhere. When that image is loaded, the server knows about it. In the case of the bad emails, they can use this to verify that you opened the email (this is a normal situation, and is used in EDMs / newsletters).

For some email programs (e.g. Thunderbird), this is the default – but all email programs have settings to disable auto-load.
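To see what auto-load would actually fetch, the added example below (not part of the original article) lists the remote images in an HTML email body and marks the 1x1 ones typically used to confirm an open. The sample body and its host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class RemoteContentFinder(HTMLParser):
    """Collect URLs a mail client would fetch if auto-load were enabled."""

    def __init__(self):
        super().__init__()
        self.remote = []  # (tag, url, looks_like_tracking_pixel)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <img src=...> plus the legacy background= attribute on body/table/td.
        url = a.get("src") if tag == "img" else a.get("background")
        if not url or urlsplit(url).scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the email itself
        # A 0x0 or 1x1 image shows nothing; its only job is to be requested.
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.remote.append((tag, url, tiny))

def remote_loads(html_body):
    """Return every remote fetch the HTML body would trigger on open."""
    finder = RemoteContentFinder()
    finder.feed(html_body)
    finder.close()
    return finder.remote

# Constructed sample body: one embedded logo, one remote background,
# one per-recipient tracking pixel.
SAMPLE = """
<html><body background="https://cdn.newsletter.example/bg.png">
<p>Your invoice is attached.</p>
<img src="cid:logo@local" width="120" height="40">
<img src="https://track.mailer.example/open.gif?rcpt=7f3a91" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for tag, url, tiny in remote_loads(SAMPLE):
        print(tag, url, "(tracking pixel)" if tiny else "")
```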

How to change the setting in Outlook.

How to change the setting in Mac Mail

Mac Mail can also do another thing: force your traffic through Apple’s own servers, like a VPN (they don’t call it that though). With this on, the sender can see you’ve opened the image, but your internet location (IP address) is obscured. Oh, and Apple also see what you’ve opened 👀

Ensure that the sender email address is shown

This lets you distinguish between the real sender and a pretender, and is the default in both Outlook and Thunderbird.

How to change the setting in Mac Mail.

In Outlook, you can get fancy and have the sender email addresses show in your email list too.

Employ an Email Filter

There are a number of products that can be put in between your email and the internet that filter things before they land in your inbox. Normal anti-virus or anti-malware programs operate on your computer, while these email filters process emails before you even have access to them. These systems check the links and attachments in each email to ensure that what you get isn’t going to do bad things, or take you bad places.

What to do when you get a scam email

Received a strange request?

  • Check the from address, not just the name.
  • Check with the alleged sender out-of-band (meaning, via a different communication method), such as SMS, phone, online chat, or a different email address. At the very least, compose a totally new email to an address you know is theirs.

Received an unexpected email or social media direct message with:

  • out of character phrasing,
  • peculiar word choice,
  • unusual grammar,
  • asking you to do something you wouldn’t normally do?

Then:

  • Don’t open attachments.
  • Don’t perform the request. First check with the alleged sender out-of-band to ensure they sent it.
  • If it’s not from them, delete the email from your computer entirely (from the bin/recycling too).

 

Want to know more about Email Filters?

Talk to us today about your email security.

1300 558 504