One in every 100 emails is a SCAM
... so here’s our foolproof guide to beat the cheats
AN ASTONISHING one in every 100 emails is malicious – designed to trick people into surrendering personal details or downloading scam software on to their computers. The scale of this lurking threat has been revealed by US-based security company FireEye which analysed more than half a billion emails sent in the first half of this year.
It says less than a third of emails sent are considered ‘clean’ enough to pass through filters and actually be delivered straight to an inbox.
The latest figure shows the problem is worse compared to the previous six months, when FireEye said one in every 131 emails had malicious intent.
Tony Neate, of security advice website GetSafeOnline, says: ‘The extent of malicious emails is likely to be far higher than one in 100 once spam emails are included.
‘You have to check everything you receive. It is a shame, but a fact of life.’
Messages containing links or attachments that could infect a computer with harmful software are most likely to be sent on Mondays and Wednesdays.
Impersonation attacks are most likely to be sent on a Friday, according to the report.
The attacks are also becoming increasingly sophisticated. Here’s how to spot them and safeguard your finances.
The bogus emails that copy household brands
SCAMMERS are finding new ways to slip through email security systems and dupe people.
Emails are dressed up to appear as if they have come from a person or company we know, with similar yet fake email addresses or copied company logos.
These are referred to as ‘spoofing’ or ‘imitation attacks’.
Katy Worobec, managing director of economic crime at the industry body UK Finance, says: ‘Criminals are increasingly using phishing emails to trick people into giving away personal financial details.
‘These emails are sophisticated and often impersonate trusted brands including major online retailers, internet and utility companies, that a large proportion of recipients are likely to use.’ Though t he emails t hemselves do not always contain anything that is harmful to a computer, they often invite a recipient to transfer money or give up personal information.
Alternatively a link in the email could take a victim through to a phishing website, dressed up to look like a legitimate and wellknown brand.
From here users are asked for sensitive details and passwords, which are then harvested by criminals. The end result is that personal details are used to commit identity theft, to access a person’s bank account or to sell to other cybercriminals in the murky depths of the internet known as the dark web.
Fraudsters will often deliberately use a typing mistake in phishing emails – believing consumers least able to detect poor grammar make for easier targets.
The logic goes that by including an error, fraudsters can filter out more cynical consumers who would gi ve dummy detail s , wasting scammers’ time and resources.
This leaves a selection of people who miss the error and are more likely to fall for the scam and hand over sensitive information. Though phishing has been around for many years, people continue t o be deceived. Experts put this down to busy lives and the fact that fraudsters are clever.
Simon Migliano is head of research at Top10VPN.com – a website that tracks the trade in hacking tools sold on the dark web. This is where fraudsters buy off-the-shelf phish- ing websites designed to look like popular consumer brands such as Netflix, Facebook and Apple – for as little as £2.
He says: ‘Consumers often receive tens of emails every day from colleagues, friends, family, entertainment brands, retailers and discount sites. Checking every message for its authenticity is becoming less likely.’
Scammers construct scenarios to grab attention – such as an issue with your bank account or a coy update about the world of celebrities. An imitation of the taxman is also regularly used by criminals.
They will also piggyback on news stories about data breaches.
For example, consumers should be cautious in the wake of the recent British Airways cyberattack in which customers’ financial details were compromised. Fraudsters could potentially pose as the airline in emails.
Fraudsters try to trap you via your mobile
SCAMMERS trying to snare victims via mobiles also use spoofing to great effect. Messages will appear on a phone’s display as a name, such as ‘Emily’ or ‘David’.
The hope is that a victim will know someone of that name and therefore click on the link embedded in the message.
The text will also tempt the recipient to tap on it – using words like ‘check this out’ or ‘here’s what I was telling you about’.
Whether scammers are aping a company or person – the link will either infect a mobile with malware or take a victim to a phishing website where personal information is requested.
Alternatively it might provide a number which when called ends up as an expensive premium rate number with charges added to the mobile user’s phone bill.
These charges may not then be seen until the mobile user receives their next bill.
What to do next if you fell for the trick
‘THE first thing to do is protect the money,’ says Neate. ‘Speak to your bank or credit card provider immediately.’
If you gave up sensitive details or potentially accepted malware on to your mobile or computer then contact your bank and ask for advice. Then change passwords for accounts that may have been compromised.
‘If it’s a crime in progress where quick action is needed, go to the police station and report it,’ Neate adds.
After safeguarding the money, you need to protect your device and have it cleaned of malware.Team KnowHow offers computer health checks for £60 and are located in some Currys PC World stores.
Visit getsafeonline.org and takefive- stopfraud. org. uk for more advice.
To help law enforcement build intelligence on fraud, report your case to Action Fraud – call 0300 1232040 or visit action fraud. police.uk.