How to spot a scam that compromises business email

So this is the first step: take control of your emotions. Yes, it can be difficult if you work in a demanding field. But it’s your best first defense, and your employer will thank you (or, at least, they should).

Always confirm through a second channel

Now that you’re skeptically questioning the legitimacy of the urgent request, verify that the email is coming from the person it claims to be. The best way to do this is to ask; just be careful.

“If you received an email like this, it’s important to pick up the phone and call the number you know is legitimate,” Larson says, adding a caveat. “Do not trust the phone number in the email; it will become the property of the threat actor.”

This is a crucial point: any contact information in the email is probably compromised, and sometimes cleverly so. Use the phone number you already saved in your phone for the person in question, or look up the phone number on an official website or in a company’s official directory. This applies even if the number in the email looks correct, because some scammers will go to the trouble of obtaining a phone number similar to that of the person they are impersonating, all in the hope that you will call that number instead of the original.

“I’ve seen phone numbers with two digits of the actual phone number,” says Tokazowski.

Call the person who supposedly sent you an email (using a number you are 100 percent sure is real) and confirm that the request is authentic. You can also use another secure communication channel like Slack or Microsoft Teams, or if they’re in the office, just ask them face to face. The goal is to confirm any urgent requests somewhere outside of the initial email. And even if the person is your boss or some other bigwig, don’t worry about wasting their time.

“The person being impersonated would rather have someone take the time to confirm it than lose thousands or a million dollars in a malicious transaction,” Larson says.

Verify email address

Contacting the supposed sender is not always an option. When it isn’t, there are some tricks you can use to detect whether an email is real or fake. The first: check the email address and make sure it is from the company’s domain.

“Always check the domains you receive emails from,” says Larson. Sometimes this will be obvious: your CEO probably doesn’t send you emails from a Gmail account, for example. Sometimes it will be more subtle: scammers have been known to purchase domains that look like that of the company they are trying to scam, all in the hope of appearing legitimate.

It’s also worth checking if the email signature matches the address where the email came from. “If you look at the footer, they will use the company’s actual domain to make it look legitimate, but it won’t match the email address,” Larson says. Just keep in mind that the difference can be subtle. “Lookalike domains are very common: someone will make a slight variation, like an ‘l’ instead of an ‘i’, to make it look legitimate.” One way to check, if you are suspicious, is to copy and paste the domain half of the address into a browser. If no website comes up, you are probably dealing with a fake.
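The two checks described in this section (is the sender's domain really the company's, and does the signature match the address the email came from) can be automated in a mail filter. The Python sketch below is an added example, not part of the original article. The trusted domain `example.com`, the character-swap table, the edit-distance threshold of 2 and the sample message are all assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the organisation's real mail domains (constructed placeholder).
TRUSTED_DOMAINS = {"example.com"}
# Character swaps common in lookalike domains, folded to a single form.
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o"})

def skeleton(domain):
    """Fold visually similar characters so 'exampie' and 'example' compare equal."""
    return domain.lower().replace("rn", "m").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain):
    """Return 'trusted', 'lookalike' or 'external' for a sender domain."""
    domain = domain.lower().rstrip(".")
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "external"

def check_message(from_header, body):
    """Compare the From address with the company domain and with the signature."""
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    verdict = classify_domain(sender)
    findings = [] if verdict == "trusted" else [f"sender domain is {verdict}: {sender}"]
    footer = {d.lower() for d in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body)}
    if verdict != "trusted" and any(classify_domain(d) == "trusted" for d in footer):
        findings.append("signature shows the company domain but the sender does not use it")
    return findings

# Constructed sample message, not taken from a real incident.
SAMPLE_FROM = '"Jane Doe (CEO)" <jane.doe@exampie.com>'
SAMPLE_BODY = "Please handle this today.\n--\nJane Doe | jane.doe@example.com"

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

A message that raises either finding is a candidate for the second-channel confirmation described earlier, not proof of fraud on its own.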
