Trust is essential in business, but unfortunately we can’t always trust emails. Sometimes criminals uses ‘spoofing’ to send us forged emails that appear to come from genuine people or organisations we know but are ‘phishing’ emails designed to trick us into actions that will cheat us out of money, infect our computers with viruses or enable the senders to hack into our banking, social media or other user accounts.
How do we know if we have received a spoofed email? Sometimes it’s obvious at the top of the email where the sender’s display name shows our contact, eg Mark Smith, but instead of showing their actual email address – firstname.lastname@example.org – shows another email address – email@example.com.
That is easy to spot, but some criminals are cleverer and will include the genuine email address as the display name, whereas the code in the email header shows that it has come from another email address, eg firstname.lastname@example.org. In some email software, you can check the actual email address it has been sent from by holding the mouse arrow over the display name at the top of the email.
Another tactic is to send from an email address that is similar to the real one, eg email@example.com.
As a general advice, don’t click on links with addresses that you do not recognise (again hover your mouse over the link to check its real target address) – they take you to counterfeit web sites or open attachments that download viruses on your computer. This can lead to the situation when you give away your user names and passwords, exposing yourself and your business to potential losses of money and reputation.
If this has scared you, don’t worry. Everyone in business faces the same problems. If you want help on figuring out which emails are genuine and which are scams, give us a call and we’ll be pleased to go through it with you to prepare you against online fraudsters.