Such emails today are usually set up so professionally and are so well camouflaged that they are challenging to recognize. Here are five tips on how to quickly uncover deception maneuvers.
Everyone has heard of cases where cyber criminals use fake identities to scam money. For example, the supposed boss orders payment by email or the friendly colleague asks to change his account number for the salary transfer. Because in times of New Work, scammers often have an easy time. If employees are increasingly working from home, it is more difficult for them to ask a colleague and verify a process quickly. This increases the risk of falling for a scam in the rush of day-to-day business.
Table of Contents
View Full Email Addresses
Many companies have set up their email system in such a way that only the name of the sender is displayed in internal email traffic. Although such abbreviated addresses are more precise, they also harbor the risk that one does not look too closely and is more easily deceived. Attackers only need to manipulate an email alias. Therefore, you should always display the complete email address for internal emails so that the actual domain of the sender is obvious. In addition, it is advisable to automatically mark whether an email comes from an internal or external sender. This can be set in many email systems. In this way, suspicious messages can often be uncovered at a glance.
Establish Email Auto-Signatures
Cybercriminals like it quickly. So make it as difficult as possible for them to pretend to be false identities! This includes, for example, establishing email auto-signatures – both for external and internal communication. This increases the effort of fraudsters to make their message look authentic. They have to forge the signature precisely. However, long signatures can make texts in internal email chains confusing. It is therefore advisable to introduce different auto signatures for external and internal messages: a detailed one containing all legal information and graphic design elements and a leaner one with only the sender’s contact details. If this is impossible, you should use the same auto-signature for all emails.
Check Emails For Tone And Corporate Culture
Unfortunately, the days when you could immediately identify fraudulent emails based on grammatical and spelling mistakes are over. Perhaps the supposed colleague is suddenly addressing you formally, although you are all on a first-name basis. Or he writes in a different style than usual. Always check incoming emails for their tone and the company culture. If unfamiliar telegram-style instructions suddenly arrive or you are asked to deviate from standard processes, all alarm bells should be ringing.
Switch Channels For Control Questions
If an email seems suspicious to you and you want to investigate further, it is best not to reply to the incoming message directly. Otherwise, there is a risk that your mail will only end up with the scammer again. He can then answer, maintain the deception and, with some skill, clear all doubts out of the way. It is, therefore, better to pick up the phone, use the company chat or write a WhatsApp message. In any case, you should change the medium for your queries.
Define Clear Release Guidelines
What if, despite all precautions, the attacker can get through with his false identity? Then transparent approval processes based on the four-eyes principle can uncover fraud and avoid damage. For example, define the functions in accounting precisely – such as how payment requests or transfers are to be handled and always have salary-related changes to amounts or account data checked by the HR department.
You should always have unspecific instructions from higher-level employees approved by the finance department or a manager. If you follow these five tips, scammers will have difficulty succeeding. In addition, it makes sense to put the existing email security measures to the test. Are they still state of the art, and are they compelling enough? Most email attacks can be warded off in advance with modern security systems. A managed security services provider can help find and operate a solution that fits your unique needs.