Marketers love email. Email has a much higher open and interaction rate than any other form of advertising. That's why you get so much spam.
Whatever happens to be the most popular method to get a message across with marketers, you can be sure as hell the bad guys will be following closely behind, ready to exploit those same techniques for evil.
The vast majority of hacks and infections get through your defences by tricking you into opening an email that contains malware. Once installed, the malware will quickly infect your system and network.
Here are five things you should look out for when opening an email attachment or before clicking on a link.
The email is from your "boss"
Hackers are taking advantage of unsecured email systems to send emails that pretend to be from your boss, asking you to make an "urgent" bank transfer. Typically, the “reply to” email address (which is hidden by most email clients) will be different to that of your real boss. Once you reply, the scammer will respond with details on how to make the payment.
This email scam works as most employees prefer not to question their boss. If you get an email like this always phone your boss first to check if it is genuine before responding.
The overdue invoice trick
This trick is quite old (in terms of email scams) but still many people fall for it. Typically, the email is sent to busy accounts departments, pretending to be an overdue invoice with a Word document attachment. Once you open this document, it will ask you to click a link or enable macros. If you were to do this you would trigger a process where ransomware will get downloaded onto your computer. The malware will then encrypt your files, leaving them inaccessible until you pay for the decryption key.
Never open emails from a business or individual you don't know. If you do happen to open the attachments, never enable macros or click on links, no matter how irresistibly worded the document is.
The email is from an African prince promising you millions
Come on... If you fall for this scam and hand over your bank account details to a random “Nigerian Prince”, you probably deserve everything that comes your way.
Watch James Veitch on what happens if you do reply to these scams.
Watch out for poor spelling and grammar
Most scammers are based in Eastern Europe, and English is not their first language. English is renowned for being one of the hardest languages to master.
It turns out that this is helpful for identifying scams as the wording of a scam email just won't “sound” quite right. Strange sentence combinations, weird grammar and obvious spelling mistakes are all signs of a scam email.
Forged emails pretending to be from well-known brands
Fake and forged emails will often pretend to be from well-known brands such as Amazon who you probably already have an account with. Each email will contain links for you to click, usually under the pretence that there is a problem with your account and you need to change your password or update your payment details.
If you were to click one of these links, you will be sent to a fake web page that looks very much like the real website of the business, but is actually run by hackers. Any information you enter will be sent to the hackers, and not the company you thought it would. They can then use your account details to break into your account and make unauthorised purchase in the case of Amazon.
The secret is to never click on links in emails - even if you are sure they are legitimate. Instead, you should open your web browser and manually go to the website of the company, to change your password, payment details or other account information.
What should you do to protect your business?
The scams above are a quick list of some common ways criminals will try to defraud your business, but there are other advanced techniques that can be used to attack your business.
The UK’s Action Fraud has some more tips and advice to avoid scam emails, and what to do if you do get caught up.
Ideally, you want to prevent these emails getting to your employees in the first place. Using industry leading spam and security filters powered by Google we can keep spam out of your inbox better than other solutions. You already have too much legitimate email that you need to action, let's remove the spam to make you email a little easier to manage.