Category: General
Written by Ken Quigley
June 15 2020

Recent evidence has shown that world pandemics, civil unrest, and a tanking global economy have not deterred email scammers one iota. Anyone who naively thought that these fraudsters would be swayed by a conscience has misunderstood their foe. These people are criminals, plain and simple, and as such prey upon people's vulnerabilities, so the current circumstances represent a heightened opportunity for them to ramp up their attacks, especially as employees work from home, away from the protection of their business firewalls.

In fact, fraud statistics have shown that small businesses lost an average of 5% of their gross revenues to fraud in 2018, with online billing schemes comprising 29% of the frauds perpetrated against businesses with fewer than one hundred employees. The ransomware statistics are even more chilling:

  • By the end of this year, there will be a ransomware attack every 11 seconds, with a global cost of $20 billion yearly.
  • Today, businesses suffer ransomware attacks every 40 seconds.
  • Phishing emails are the cause of two-thirds of ransomware infections.
  • Every year, ransomware generates an estimated $1 billion in revenue for cybercriminals.
  • About 9% of the American population has been a victim of a ransomware attack at some point.

Yes, the threat is real, and while the overall sophistication of the attacks has increased compared to the old brutish "spray-n-pray" methods of the past, there are a number of simple tips that can keep you safe from these fraudsters and will defuse a majority of the current phishing threats:

  1. Watch for spoofers: "Spoofers" are senders that cloak themselves as people you know in the email header, causing you to pay less attention to the actual sending address. For instance, my team regularly gets emails from "Ken Quigley" <[sender address not shown]>. The habit is to pay more attention to the header than the source, and this leads people to trust nefarious sources. Always check the source. It's not a guarantee of authenticity, but it will filter out the majority that are not.
    Also, look for slight misspellings of popular domains like amazon, ebay, federalexpress, UPS, etc. It only needs to be one letter off to expose itself as a wolf in sheep's clothing.
  2. Don't get attached: As a general rule, do not open an attachment in an email unless you're expecting it, and certainly none that provide you a password. To be clear, trusted vendors do not send you bills in a zip file, nor do customers provide you RFQs or accepted quotes in the same format. This may seem obvious, but this is how the majority of ransomware and viruses are transmitted. To make matters worse, file formats like Excel, Word, and even PDFs can contain pernicious code, so apply this rule to all attachments. If you REALLY need to confirm an attachment you believe to be genuine, open it on a mobile device first. If it points to an external link, or prompts again for a password, you should delete with extreme prejudice.
  3. Confirm source in a meaningful way: Virus profiteers are becoming increasingly sophisticated, so many targets are being duped when they reply to a suspicious mail with the question "is this for real", and they get a quick reply confirming its authenticity. Expect that most phishing victims will vet these emails with the same weak security questions, so ask something more challenging like "how do we know each other?". You'll be surprised at how few, if any, correct responses you get.
  4. Give it a mouse-over: A simple trick to separate fraudulent emails from those that are genuine is to mouse-over all hyperlinks and graphics in the email to reveal whether the hyperlink matches the displayed link (again, remember not to be fooled by misspelled popular domains). Some email programs will allow you to right-click on the email body and "reveal source", which will show you all the back-end code at once, but generally you need only concern yourself with the hyperlinks and graphics. 
  5. Delete, never Unsubscribe: The presence of a benign looking "Unsubscribe" link at the bottom of an email does not make the sender conscientious, or the email genuine. An unsubscribe link is still a hyperlink, and presents just as big a security risk as any other link in the email. Also, even if an email is more spammy than scammy, clicking "Unsubscribe" will often just verify your address as "working" to spammers, and land you on more distribution lists.
  6. Distrust by default: If you view all emails with scrutiny, you'll develop a mindset to look for reasons to "distrust" emails rather than looking for reasons to trust them. There are too many suspicious signs in scammy emails to be fooled by one apparent sign of authenticity, so look for reasons to "delete" a suspicious email, not for one to open. For instance, here are a few tell-tale signs that an email may be fraudulent:
    1. Bad spelling or grammar
    2. Does not contain your exact name, account number, and address (generally "Dear Customer" emails should be deleted)
    3. The email is sent to a different account than the one you generally use for ecommerce
    4. A source email with a TLD (Top Level Domain) that ends with a foreign or unrecognizable domain (for example, *.ru, *.xyz, *.chn) should be deleted.
    5. As my father used to say, "no one is looking to give you money". Apply this logic to your front door and your inbox, and you'll be safer for it. No legitimate source needs your help accepting payments or wire transfers, and you will NEVER learn of an unexpected inheritance by email.
    6. Too good to be true: Emails purporting to cure diabetes, improve your memory or sexual performance, or reduce anything (fat, debt, wrinkles, your blood pressure, you name it) are NOT genuine. Don't confuse your "wish" for a fact. Delete and move on.
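
The checks in tips 1 and 4 (display name versus actual sending address, displayed link versus real link target, and domains one letter off a popular one) can also be run automatically over a message. The Python below is an added example, not part of the original article; the known-domain list, the staff mapping and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_DOMAINS = {"amazon.com", "ebay.com", "ups.com"}  # assumed: brands you deal with
STAFF = {"ken quigley": "example.com"}  # assumed: display name -> real sending domain
SAMPLE = """From: "Ken Quigley" <billing@mailer.invalid>

<a href="http://amazom.com/login">www.amazon.com/orders</a>
<a href="https://example.com/u">Unsubscribe</a>
"""  # constructed sample message

def one_off(a, b):  # exactly one letter inserted, dropped or changed
    i = next((k for k, (x, y) in enumerate(zip(a, b)) if x != y), min(len(a), len(b)))
    return a != b and (a[i + 1:] == b[i + 1:] or a[i:] == b[i + 1:] or a[i + 1:] == b[i:])

def base(url):  # naive: last two host labels, ignores suffixes such as co.uk
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.split(".")[-2:])

class Links(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.links[-1][1] += data

def inspect_message(raw):
    msg, found = message_from_string(raw), []
    name, addr = parseaddr(msg["From"])
    sender = addr.rsplit("@", 1)[-1].lower()
    if STAFF.get(name.lower(), sender) != sender:  # tip 1: name does not match source
        found.append(f"display name '{name}' sent from {sender}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:  # tip 4: what a mouse-over would reveal
        shown = base(text.strip()) if "." in text and " " not in text.strip() else ""
        if shown and shown != base(href):
            found.append(f"link shows {shown} but goes to {base(href)}")
    return found + [f"{d} is one letter off a known domain"
                    for d in [sender] + [base(h) for h, _ in parser.links]
                    if any(one_off(d, k) for k in KNOWN_DOMAINS)]
```

Calling `inspect_message(SAMPLE)` returns one finding per check; an empty list means none of these three signs were present, which, as with checking the source by eye, is not a guarantee of authenticity.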

Always remember that there is no anti-virus or security software that will safeguard you and your business as well as common sense. Security threats, ransomware, and viruses do not come through the front door, they penetrate businesses through the weakest link, so teach your team to be vigilant, to distrust by default, and share these simple tips to stay safe.
