Beware. Email scammers are out to get you. They’re clever. Resourceful. Sneaky and highly motivated to line their own pockets. They have no conscious. Looking for the easy win.

Email scams are big business. People make a living out of ripping off businesses, Infiltrating the inner sanctum through emails.

The trouble is most of us have no idea how to protect ourselves. We leave the proverbial front door wide open, thinking our email security measures will keep scammers at bay.

Get expert help

According to IT and online security expert John Boggon, from Stalient Systems, most really have no idea how to protect themselves. He says people think email is bulletproof and practice the head in the sand approach. “There is no guarantee what you send will arrive into the right inbox or the contents will be the same. Because we think email is safe, we do not have any security measures in place,” he said.

“Most people only use one layer of security; typically, the program that came with their computer.  The scammers are smarter. They know how to get through your defences, because what most people use is flimsy.”

I did not get your email

Stop. Think about the times you’ve sent an email and the receiver tells you they never got it. You scratch your head, wondering where it ended up.  Surely it is as simple as pushing send?

“No” says Boggon. “Sending an email does not guarantee delivery. When you press send, there is no promise the other person will see the email.

“There are no checks and balances or authentication protocols in place to check the email you receive or send. There is no real way of knowing the person who sent it is who they say they are. Email are easy to forge. There are people out there who are master impersonators; they mimic your account details, change your content and intercept your emails, hoping to capture personal info or send programs to get information they want.”

Hacking your email

What? You mean the emails I receive every day may not be the original? Is nothing sacred?

This leaves thousands of people open to having their system hacked, files held to ransom, identities stolen and bank accounts emptied.

No one is safe.

Last year, over 87,000 people reported scams to the ATO. PayPal is a favourite of scammers. Telstra customers have been targeted. Even  Pokémon Go users are being attacked.

You might be familiar with these types of scams

  1. Typical email scam – Dating site or long lost uncle has died leaving you millions and needs your help to get the money out of the country.
  2. Phishing – Scammer sends millions of emails; all they need is a dozen people to be tricked into running an application or program accessible via an attachment or link. When the program runs, the scammer has full access to your computer capturing keystrokes – user names and passwords. Ransomware is a version of this scam – you are tricked into installing a program, which encrypts your files. You receive an email asking for $1000 to decrypt YOUR files. These scammers even have 24-hour helpdesk, to assist you to pay your ransom.
  3. Whaling – The scammer targets senior management of an organisation, tricking them into transferring big bucks into an account. These scammers are highly motivated (spending a lot of time researching the company) because of the big financial gain. They register a similar name but slightly different and then insert themselves into the conversation.

There are three major flaws in email security scammers take advantage of on their mission to defraud you.

  1. No authentication – no guarantee the email came from your contact.
  2. No guaranteed delivery – your email can get lost in transit.
  3. No encryption or security – emails are sent in clear text, which is easy to intercept.

How do you protect yourself against these insidious people attacking your business?

Four steps to protect yourself

It boils down to email security:

  1. Vigilance – Be suspicious of every email you get – do not trust emails you receive even from people you know. Check the sender’s domain – look for misspelling or extra characters. If you are not sure, DON’T OPEN.
  2. Layered security – Gmail and Office 360 has them but you need more than one layer. Use MailGuard or SpamTitan, on top of your antivirus program. Boggon suggests thinking of your computer like a castle with multiple layers of protection – a moat, high walls and the keep designed to slow attackers.
  3. Education – Know what the threats are – set up Google alert to monitor for news stories. Check Scamwatch
  4. Unsure? – engaged the services of someone who knows.

While it is nice to believe in rainbows, unicorns and all people are nice, it is a sad reflection on the online world there are people out to cause you and your business pain. By taking some simple measures, you can ensure your bank account, identity and reputation remain intact.

A quick search of Google reveals the volume of people who are impacted by scammers every day. So, do not believe it won’t happen to you. It is just a matter of when.