At this time last year, we saw a spike in the number of spam emails referring to receipts that carried potentially harmful viruses or malware and, in some cases, encouraged fraudulent payments.
Making sure your staff know what to look for can prevent potential data security issues. A lot of successful hackers use links in emails, such as links to PDFs or account details, to attack your network.
One of the recent scams we received claimed to be from none other than Apple. It carried Apple branding and seemed to have your best interests at heart, protecting you from a purchase that you haven’t made and asking you to click on the receipt. You are bound to think the email is legitimate when it appears to come from a big, trusted brand.
However, if you look closely, the language used is clumsy, there is very little punctuation and a few words are missing. These are key things to watch out for in scam emails.
Apple’s own advice is to check whether the email includes your current billing address. Genuine purchase receipts from the App Store, iTunes Store, iBooks Store, or Apple Music include your current billing address, which scammers are unlikely to include.
They also advise you not to click on the link and instead to log in separately to, for example, the App Store or iTunes to review your account. If you are asked to update payment information or passwords, only use the device settings to do so. As they state, emails about your App Store, iTunes Store, iBooks Store, or Apple Music purchases will never ask you to provide personal information such as your mother’s maiden name or full credit card number over email, and this is the same for most retailers.
Action Fraud tell you to look out for the following:
- The sender’s email address not matching the organisation’s website address.
- The email does not use your proper name.
- A prominent website link. It is very easy to forge these or use a link very similar to the proper address, but even a single character’s difference means a different website.
- A request for personal information such as user name, password or bank details.
- The email contains spelling and grammatical errors.
- The entire email is contained within an image instead of the usual text format.
- The image contains an embedded hyperlink to a bogus site.
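Several of the indicators in the list above can be checked mechanically, for example in a mail-filtering rule. This Python example is added here and is not from the original article or from Action Fraud; the sample message, `example.com` as the organisation's domain, the recipient name and the function names are constructed for illustration, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real message; example.com stands in for the brand.
SAMPLE = """\
From: "Example Store" <receipts@examp1e.com>
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://examp1e.com/receipt"><img src="r.png"></a></body></html>
"""

class _Scan(HTMLParser):
    """Collect link hostnames, count images and gather visible text."""
    def __init__(self):
        super().__init__()
        self.hosts, self.images, self.text = [], 0, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.hosts.append((urlparse(attrs["href"]).hostname or "").lower())
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text.append(data)

def one_char_off(a, b):
    """Same length, exactly one differing character (substitution only)."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def check_email(raw, org_domain, recipient_name):
    """Return the checklist indicators found in a single-part HTML email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    scan = _Scan()
    scan.feed(msg.get_payload())
    text = " ".join(scan.text).strip()
    findings = []
    if sender != org_domain and not sender.endswith("." + org_domain):
        findings.append("sender-domain-mismatch")
    if recipient_name.lower() not in text.lower():
        findings.append("name-not-used")
    if any(one_char_off(host, org_domain) for host in scan.hosts):
        findings.append("lookalike-link")
    if scan.images and not text:
        findings.append("image-only-with-link" if scan.links_present() else "image-only-body") if False else findings.append("image-only-with-link" if scan.hosts else "image-only-body")
    return findings
```

Calling `check_email(SAMPLE, "example.com", "Alex Smith")` flags the mismatched sender, the missing name, the one-character lookalike link and the image-only body that wraps a hyperlink.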
There is also some useful information from the National Cyber Security Centre (https://www.ncsc.gov.uk/phishing) on phishing and how you can raise awareness of what to look out for.
So, it’s important to make sure that your staff are aware of what to look for. You should also make sure that your antivirus is up to date and that you have some kind of malware protection included. Applying a spam filter to your organisation’s emails can also help reduce the amount of spam you receive, thereby reducing the risk of an employee clicking on a link.
If you need any help with any of these points, please speak to us. We can help.