How to protect yourself from fraudulent emails
Recently our team held a full staff review session on fraud awareness and protection. We’ve had a few phishing emails come through lately, so it was crucial to get everyone up to speed on how to recognize them and what to do if they receive one.
According to CERT NZ, New Zealanders report an average loss of $4.6m per quarter due to scams. Scammers are continuously evolving their tactics to obtain confidential information and money from unsuspecting victims.
Some of our team members received emails where the sender was posing as one of our colleagues. The emails requested purchases of gift cards, changes to bank accounts, or access to shared files. While these emails may not be the most sophisticated, they can be easily actioned if not detected in time. Fortunately, our internal processes and regular communications enabled us to identify these emails and raise awareness among the team.
We have internal processes and regular communications in place, so we know to raise an eyebrow when something seems off. Our protocol is to pause and check before taking any action. We recommend that you do the same. Do you know the sender of the email? While the sender’s name may seem familiar, be sure to verify the sender’s email address, especially the domain name. If it differs from what you usually see, don’t trust it. According to our IT manager, 60% of emails that come through are spam or scam emails. This statistic is quite alarming and emphasizes the need for caution when dealing with suspicious emails.
It’s not just our team that needs to be aware of these scams; our clients must also be protected. The strong relationships we’ve built with our clients mean that if they receive something unusual, a quick phone call to us can help enhance security features.
So, what should you look for in a phishing email? They often have:
- incorrect branding
- a sense of urgency, such as a request to click on a link, update your details immediately, or push to make a purchase
To avoid being caught out, verify any email requests that appear urgent. This step is often overlooked but can prevent the need to pay thousands of dollars to retrieve or set up files again or pay an invoice that is not retrievable.
If you do receive a phishing email, here’s what you should do:
- First, make sure you’re certain it’s a scam.
- Don’t click on any links or open attachments unless you’re sure they’re safe.
- If it’s a scam, block the sender, delete the email, or mark it as spam.
- If you’re not sure, ask someone.
- You can report it at cert.govt.nz. If you think you’ve been sent a phishing email, you can send it to CERT NZ.
It’s also essential to take the time to check any urgent requests for legitimacy. We’ve set up our internal processes so that any urgent requests from managers or team members don’t come through via email. Taking that time to check is much better (and cheaper) than having to pay out thousands of dollars to retrieve or set up your files again or paying an ‘invoice’ that won’t be refunded.
In addition to being vigilant and thoroughly checking emails, we recommend setting up two or three layers of verification on any software you use. We suggest using an authenticator app as the primary authentication method instead of text message authentication.
We’ve also included some useful resources at the end of this post, including websites and tools to help you check for phishing scams and report any issues you might encounter.
Stay safe out there! And remember, if you’re not sure, shout out for help.
Here are some useful resources to help you stay safe online:
- LastPass – password management from anywhere. Create a business or personal account. Watch the 101 videos. (Side note – if you need help setting this up for your business, our IT manager can help. Get in touch to get set up).
- How secure is my password? Check out this website that will test your password strength: https://www.passwordmonster.com/
- Spam about scams, and phishing: https://www.dia.govt.nz/Spam-About-Scams-and-Phishing
- Useful links: https://www.dia.govt.nz/Spam-Useful-Links
- Phishing URL Check: https://easydmarc.com/tools/phishing-url
- Warnings and alerts: https://www.fma.govt.nz/library/warnings-and-alerts/
- Report an issue: https://www.cert.govt.nz/individuals/report-an-issue/
- Fraud information: https://www.facebook.com/FraudInfo/