An astonishing one in every 100 emails is malicious – designed to trick people into surrendering personal details or downloading scam software on to their computers.
The scale of this lurking threat has been revealed by US-based security company FireEye which analysed more than half a billion emails sent in the first half of this year.
It says less than a third of emails sent are considered ‘clean’ enough to pass through filters and actually be delivered straight to an inbox.
The latest figure shows the problem is worse compared to the previous six months, when FireEye said one in every 131 emails had malicious intent.
Tony Neate, of security advice website GetSafeOnline, says: ‘The extent of malicious emails is likely to be far higher than one in 100 once spam emails are included.
‘You have to check everything you receive. It is a shame, but a fact of life.’
Messages containing links or attachments that could infect a computer with harmful software are most likely to be sent on Mondays and Wednesdays.
Impersonation attacks are most likely to be sent on a Friday, according to the report.
The attacks are also becoming increasingly sophisticated. Here’s how to spot them and safeguard your finances.
The bogus emails that copy household brands
Scammers are finding new ways to slip through email security systems and dupe people.
Emails are dressed up to appear as if they have come from a person or company we know, with similar yet fake email addresses or copied company logos.
These are referred to as ‘spoofing’ or ‘imitation attacks’.
A grammar mistake, circled, is a clue the email is actually from a fraudster posing as Sainsbury’s in a common ploy known as an imitation attack
Katy Worobec, managing director of economic crime at the industry body UK Finance, says: ‘Criminals are increasingly using phishing emails to trick people into giving away personal financial details.
‘These emails are sophisticated and often impersonate trusted brands including major online retailers, internet and utility companies, that a large proportion of recipients are likely to use.’
Though the emails themselves do not always contain anything that is harmful to a computer, they often invite a recipient to transfer money or give up personal information.
Alternatively a link in the email could take a victim through to a phishing website, dressed up to look like a legitimate and well-known brand.
From here users are asked for sensitive details and passwords, which are then harvested by criminals. The end result is that personal details are used to commit identity theft, to access a person’s bank account or to sell to other cyber-criminals in the murky depths of the internet known as the dark web.
Fraudsters will often deliberately use a typing mistake in phishing emails – believing consumers least able to detect poor grammar make for easier targets.
The logic goes that by including an error, fraudsters can filter out more cynical consumers who would give dummy details, wasting scammers’ time and resources.
This leaves a selection of people who miss the error and are more likely to fall for the scam and hand over sensitive information. Though phishing has been around for many years, people continue to be deceived. Experts put this down to busy lives and the fact that fraudsters are clever.
Simon Migliano is head of research at Top10VPN.com – a website that tracks the trade in hacking tools sold on the dark web. This is where fraudsters buy off-the-shelf phishing websites designed to look like popular consumer brands such as Netflix, Facebook and Apple – for as little as £2.
He says: ‘Consumers often receive tens of emails every day from colleagues, friends, family, entertainment brands, retailers and discount sites. Checking every message for its authenticity is becoming less likely.’
Scammers construct scenarios to grab attention – such as an issue with your bank account or a coy update about the world of celebrities. An imitation of the taxman is also regularly used by criminals.
They will also piggyback on news stories about data breaches.
For example, consumers should be cautious in the wake of the recent British Airways cyber-attack in which customers’ financial details were compromised. Fraudsters could potentially pose as the airline in emails.
Fraudsters try to trap you via your mobile
Scammers trying to snare victims via mobiles also use spoofing to great effect. Messages will appear on a phone’s display as a name, such as ‘Emily’ or ‘David’.
The hope is that a victim will know someone of that name and therefore click on the link embedded in the message.
The text will also tempt the recipient to tap on it – using words like ‘check this out’ or ‘here’s what I was telling you about’.
Whether scammers are aping a company or person – the link will either infect a mobile with malware or take a victim to a phishing website where personal information is requested.
Alternatively, it might provide a number which, when called, turns out to be an expensive premium-rate line, with the charges added to the mobile user’s phone bill.
These charges may not then be seen until the mobile user receives their next bill.
What to do next if you fell for the trick
‘The first thing to do is protect the money,’ says Neate. ‘Speak to your bank or credit card provider immediately.’
If you gave up sensitive details or potentially accepted malware on to your mobile or computer then contact your bank and ask for advice. Then change passwords for accounts that may have been compromised.
‘If it’s a crime in progress where quick action is needed, go to the police station and report it,’ Neate adds.
After safeguarding the money, you need to protect your device and have it cleaned of malware. Team KnowHow offers computer health checks for £60 and is located in some Currys PC World stores.
Visit getsafeonline.org and takefive-stopfraud.org.uk for more advice.
To help law enforcement build intelligence on fraud, report your case to Action Fraud – call 0300 1232040 or visit actionfraud.police.uk.
Act now – simple steps to help you stop the threat
- Set email spam filters to ‘exclusive’ – so only messages from known senders make it through. Block numbers that send dodgy texts.
- Train your messaging filter by selecting suspicious messages that have made it past security. Report them as spam. Then check spam boxes for messages regularly in case some have been unduly quarantined.
- Check the email address or telephone number behind the name. Often this will show up as an unlikely email address for a well-known company or it will not match the contact details you have saved in your phone for a friend – a strong sign you are dealing with a criminal.
- Look at the address at the bottom of an email to see if it matches that of the real company.
- Scammers will often use a general ‘Dear customer’ or your email address rather than your name at the start of an email.
- Be wary if the message suggests you act with urgency, that you have won a prize or are eligible for a special customer discount.
- Never click on links or attachments in emails or texts unless you are certain of who the sender is.
- Do not reply. Once fraudsters know your email or number is in use, they will up their game and contact you under new guises.
- Forward spam texts to 7726 which spells ‘spam’ on your handset’s keypad.
- Install and update anti-virus software, provided by companies such as Norton, Sophos and McAfee.
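
The address, greeting and urgency checks from the list above, written as a small script. This is an added example, not part of the original article; the allow-list, the sender domains and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand as shown in the display name -> domains it really sends from.
KNOWN_SENDERS = {"sainsbury's": {"sainsburys.co.uk"}}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member")
PRESSURE_PHRASES = ("urgent", "immediately", "you have won", "special customer discount")

# Constructed sample message (not a real email).
SPOOFED = (
    "From: \"Sainsbury's\" <offers@sainsburys-rewards.example>\n"
    "To: jane@example.org\n"
    "Subject: Your voucher\n"
    "\n"
    "Dear customer,\n"
    "You have won a voucher. Claim it immediately.\n"
)


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_message(raw):
    """Return the warning signs found in one raw email (headers plus plain-text body)."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    payload = msg.get_payload()
    body = payload.lower() if isinstance(payload, str) else ""
    first_line = body.strip().splitlines()[0] if body.strip() else ""
    flags = []
    # 1. The name shown claims a brand, but the address behind it is not that brand's.
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in display.lower() and not domain_matches(domain, allowed):
            flags.append("display-name-mismatch")
    # 2. Greeting is generic or uses the recipient's email address instead of a name.
    _, recipient = parseaddr(msg.get("To", ""))
    if first_line.startswith(GENERIC_GREETINGS) or (recipient and recipient.lower() in first_line):
        flags.append("generic-greeting")
    # 3. Urgency, prize or discount wording anywhere in the body.
    if any(phrase in body for phrase in PRESSURE_PHRASES):
        flags.append("pressure-wording")
    return flags
```

A clean result is not proof that a message is genuine, because the From address itself can be forged; the script only automates the manual checks in the list.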