Over the last eight years as a private investigator, a significant portion of my cases have involved something referred to as “Business Email Compromise.” Typically, a high-level employee’s email account is “broken into” by hackers. These hackers then spend some time reading the employee’s emails to learn how the company the employee works for performs money transfers. In most cases, the hackers attempt to impersonate an executive and request a wire transfer of funds to an unknown bank account. For example, a hacker pretends to be a vendor that supplies the company with some kind of material or service and submits an invoice for payment. The hackers then use the compromised employee account to authenticate the invoice and authorize payment. It sounds complicated, but it’s really not. The key that unlocks the door for the hackers is gaining access to the employee’s email account in the first place, and frankly, that’s the easy part. In almost every case, the employee “got phished.”
A phishing email can sometimes be hard to identify at first. The hackers go to great lengths to duplicate a legitimate email, but there are usually some details that they miss. Here’s an example of what a phishing email might look like: You receive an email that appears to be from your email service provider (Microsoft, Google, etc.). The email has the company’s logo in it, and it looks legit. The email goes on to explain that there has been a problem and that you need to update your personal information and change your password immediately. All you have to do is “click here” to be taken to their website to do this. The link appears to go to the email service provider, but in reality it takes you to a hacker site that looks exactly like the email site; it’s actually a data collection site in Singapore. Not knowing the difference, you enter all the requested personal information, including your old password and a new password. Voila! The hackers now have control of your email account. They can then leverage your email account to gain access to other accounts, like shopping and banking, by simply resetting your passwords.
So how do you identify a phishing email? Here are some tips:
– Check for spelling and grammar. Typically, the hackers that initiate phishing emails don’t speak English as a first language, so their spelling and grammar are marginal at best. Legitimate companies that might send you an email of this nature do so as a “security campaign,” and the emails they send out are proofread by employees whose job is to ensure that the grammar and spelling are perfect before the email is sent.
– If it doesn’t sound right, it probably isn’t. Most legitimate companies that might be sending you an email claiming they need you to update your personal information usually include a phone number to call if you have questions. If the email you received seems suspicious in any way, make the call. Make them verify the email is legit.
– Use the “hover method” to find out if the “click here” link is legit. If you move your mouse pointer over the “click here” link and leave it there for a few seconds, a small window will pop open displaying the actual website address the link will send you to. For example, if you get an email from “emailserviceprovider.com” but hovering your pointer over the “click here” link displays something like “hackersite.kr,” then you know it’s a fake link. Whatever you do, don’t click on it. Just delete the email and move on.
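The “hover method” above is a manual version of a check that can also be automated: extract every link in an HTML email body and compare where the link says it goes with where it actually goes. The script below is an added example, not part of the original column; the email body, the domains “emailserviceprovider.com” and “hackersite.kr”, and the `suspicious_links` function are all constructed for illustration.

```python
"""Programmatic 'hover method': flag links whose real destination does not
match what the email claims.  Added example; all sample data is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample HTML email body modelled on the column's example.
# The domains are hypothetical placeholders, not real sites.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>We detected a problem with your account. Please
<a href="http://login.hackersite.kr/reset">click here</a> to update your password.</p>
<p>Or visit <a href="http://hackersite.kr/help">https://emailserviceprovider.com/help</a></p>
<p>Read our <a href="https://emailserviceprovider.com/privacy">privacy policy</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'example.com' from 'login.example.com'.  Fine for a demo; real
    code should consult the public-suffix list so that 'co.uk' is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of(url_or_host):
    """Registrable domain of a full URL or a bare hostname ('' if none)."""
    parsed = urlparse(url_or_host if "://" in url_or_host else "http://" + url_or_host)
    return registrable_domain(parsed.hostname) if parsed.hostname else ""


# Does the visible link text itself name a website (e.g. 'provider.com/help')?
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)


def suspicious_links(html, claimed_sender_domain):
    """Return one finding per anchor whose destination does not match what the
    email claims.  Two checks, both on the href's registrable domain:
      1. the visible text names a site but the href goes somewhere else
         (the classic 'hover' mismatch);
      2. the href leaves the domain the email claims to be sent from."""
    collector = LinkCollector()
    collector.feed(html)
    sender_domain = registrable_domain(claimed_sender_domain)
    findings = []
    for href, text in collector.links:
        if urlparse(href).scheme not in ("http", "https"):
            continue  # mailto:, tel: and relative links are out of scope here
        href_domain = domain_of(href)
        named = HOST_RE.search(text)
        if named and domain_of(named.group(0)) != href_domain:
            findings.append({"text": text, "href": href,
                             "reason": "text names %s but link goes to %s"
                                       % (domain_of(named.group(0)), href_domain)})
        elif href_domain != sender_domain:
            findings.append({"text": text, "href": href,
                             "reason": "link leaves the sender's domain (%s)" % href_domain})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL_HTML, "emailserviceprovider.com"):
        print("%-40s -> %-40s %s" % (finding["text"], finding["href"], finding["reason"]))
```

Run against the constructed sample, the script flags the “click here” link (it leaves emailserviceprovider.com for hackersite.kr) and the second link (its visible text names emailserviceprovider.com while the href goes to hackersite.kr), and leaves the privacy-policy link alone. The same two questions are the ones to ask when you hover by hand: does the link go where its text says, and does it stay on the sender’s own domain?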
A couple of great websites that provide examples of phishing emails are listed below:
http://www.phishing.org/phishing-examples
https://www.phishtank.com/what_is_phishing.php
Next week, I plan to tackle the broad subject of viruses, malware, spyware and ransomware and provide some tips on how to protect yourself from all of the above.
By Brett Dearman | [email protected]