The internet and email have changed the way we communicate over the last 20-25 years. While email may seem a little old hat these days with various social media tools emerging as ways to stay in touch, it’s still the major official point of contact between businesses and their clients or consumers.
With that in mind, it’s also the place where scammers and con artists attempt to impersonate businesses and government agencies to obtain sensitive data from people. With email traffic in the hundreds of billions each year, for scammers it’s a case of sending out traps and inevitably catching someone unawares. If someone unwittingly gives up this data, it can mean all sorts of headaches for their identity and their finances.
According to Intel Security, 97% of people are still unable to identify phishing emails that attempt to trick users into giving up their sensitive information. So it’s no surprise companies and people around the world are losing billions of dollars a year from phishing scams, especially when it can be tough to identify suspicious emails.
In our industry, we need to be extremely aware of this issue, so while we have mail guards to identify and capture suspicious emails before anyone in the office sees them, we still need to be mindful of what to do if something slips through. Here are the procedures we follow.
Understand what official emails look like. Generally, if you’ve had repeated correspondence with a company or an organisation, you tend to know what their emails should look like. This isn’t always failsafe, as scammers like to mimic email templates: if they appear authentic, someone who might not be paying attention will fall for it.
Look for the actual email address. Scammers can give the appearance they’re from Westpac or ANZ by saying as much in their sender line, but the email address they use will give them away when it’s something like firstname.lastname@example.org, a domain that includes the name Westpac, but one they certainly don’t use. This check can be misleading, though: information emails may come through a third-party mailing server and show a sender address ending in something like @mail243.suw18.rsgsv.net, which may look suspicious but in reality is actually safe.
Be careful of links. This is often the big one. A link is often embedded within text for brevity, which also means you can’t see where it leads. Instead of clicking a link, always hover over it; depending on whether you’re using an email program or a web browser, the link address should either reveal itself in a small window or show at the bottom of the page. If the link doesn’t appear to lead to a genuine website, don’t click it.
Don’t open attachments you weren’t expecting. Often an email may have an attachment that you’re prompted to open. When you open the attachment, your computer is hijacked or some virus or spyware is released. The safest step is to contact the business or organisation in question and ask if they have actually sent you something. Also, if you don’t know the sender, that’s always a good enough reason not to open it.
Don’t respond to requests for sensitive information. Simple. Don’t do it. Bank accounts. Credit cards. Government ID numbers. No one legitimate would initiate contact with you over email expecting these details. This is also important advice when receiving unexpected and unsolicited phone calls.
Stay calm. Rarely will anything need to be solved at this very moment. Scam emails will give the opposite impression and prompt you to take action before considering anything. Follow the steps above and, if something doesn’t appear genuine, delete it and forget about it. If you really need confirmation, contact the company or organisation by using contact details that are independent of the email.
This represents general information only. Before making any financial or investment decisions, we recommend you consult a financial planner to take into account your personal investment objectives, financial situation and individual needs.