Scammers are coming up with increasingly clever ways to trick you into thinking that your best option is to pay out. Our newest blog post contains details on a scam that uses breached data to convince you that they are in possession of compromising information.
Read our SEXTORSION blog post to make sure that you are not caught out.
Social engineering scams.
IQ in IT also want to make users aware of scams that are using information freely available on the internet to pose as members of your company. Emails are sent out, that read as being from someone from your company. Fraudsters will have found this information using social engineering – collecting information freely available on the internet. This could be from a company website, Facebook, LinkedIn, Twitter and other sources where information is shared. By collating various bits of information, the scammer is able to build a credible story line that convinces the recipient that this email is from perhaps, a company director.
The name on the email will be the real name of someone you recognise, however the email address will not be legitimate, for example, [email protected] – it is very easy to send an email from any email address and change the name. Always pay attention to the actual email address!
Often an out of office message is used as the way to find out the business owner is out of office, as detection of the fraud will take longer and has higher rate of success.
The main trick here, is to convince a person with access to the bank account to transfer money, by emailing as the business owner needing a quick transfer.
Email can be compromised and monitored by a fraudster.
In the more sophisticated scams, emails will be compromised, and monitored to find the perfect moment to launch an attack, the scammer can monitor when real bills are supposed to be sent out, and then send an email at the perfect moment asking for the money to be sent to a different account – This could be done by setting rules and auto forwards.
Beware of emails which do not come from the legitimate recipient. Be suspicious of emails with bank account corrections at the last minute. IQ in IT have seen this sort of attack many times and have been working to untangle and understand how it happened.
The best way to prevent unauthorised access to your own email is to have 2 Factor Authentication and user training. Watch out for our blog post with advice on 2 step authentication coming soon.
At IQ in IT, cyber security is our key priority. We work with both businesses and individuals to protect data, assets and reputation. To request your cyber security review, please contact us.