According to recent research, email malware is now at its highest rate in five years and spear phishing emails target more than 400 businesses every day. Even more shocking, these scams have cost internet users £3 billion over the last three years.[i]
One of the main secrets to these attacks’ success is their adaptability and ever-evolving strategy, however there are a number of ‘typical’ emails circulating that we’ve heard about. Here we outline some of the most common criminal email schemes of the moment and how to avoid them.
The Amazon ‘Order Confirmation’ Scam
With online shopping more popular than ever, many people are weary of their details being stolen in order to make purchases on the net. The criminals behind this latest email scam play on this fear by sending unwilling victims what appears to be an Amazon order confirmation clearly marked with the phrase ‘If you haven’t authorized this transaction, go to the Help page for full refund.’
What users may not realise is, although the email is branded and looks very convincing, it is not from Amazon. This is a scam email to trick users into revealing their Amazon login details and therefore bank details and personal information as a result.
Amazon is aware of the scam and is doing what it can to raise awareness of this phishing scam. The ecommerce giant has released a guide to spotting suspect emails, including points such as checking the return email address and for spelling or grammatical errors.
In the image above, these errors are strife. Despite reportedly coming from the UK site, ‘authorized’ is spelt the American way and the ‘refund’ sentence is missing a word.
If you have received a similarly suspicious email, please forward it to stop-spoofing@amazon.com.
The Netflix ‘Update Info’ Scam
Netflix has nearly 100 million subscribers worldwide, therefore the likelihood of a user falling for a ‘Netflix’ email scam is highly likely. In early 2017, hackers did just that and implemented a large-scale email scheme that targeted online subscribers.
Users reported receiving emails asking them to update their information, which led to a page that also resembled the site. Except Netflix never sent the messages, the email and site were fake. Online attackers had set up the elaborate scheme to acquire users’ personal and banking information.
The issue has been presented to Netflix and in a recent statement published in Condé Nast, a spokesperson revealed the organisation was taking the issue very seriously and had implemented ‘numerous proactive measures to detect fraudulent activity’.
How to Spot a Scam
Although these fraudulent emails can be very convincing, you should always exercise caution and take the following steps before engaging with them:
- Check for spelling, grammatical or typographical errors.
- Analyse the sender’s email address.
- Check if it addresses you by name or not.
- Inspect the quality of branded logos and images.
Sometimes you don’t need to check all of the above. You simply get a bad feeling that something doesn’t look right and follow your gut.
A secure messaging solution such as Maytech’s Cirius can help safeguard your communications and help you to control what enters and leaves your organisation. However, knowledge is key in tackling these dangerous scams.
We would recommend implementing robust cyber-security training throughout your organisation, so employees are aware of the everyday threats that are lurking in their inboxes.
Have you received a suspicious email like those mentioned above? Tell us about it in the comments below.
This post was written by John Lynch, CEO at Maytech – a secure cloud data transfer and online file storage platform provider trusted by leading global companies for 24/7 support.
