Whilst in general, most ‘nasty’ emails these days tend to be of the type that are looking for you to enter your email address and password so that someone can either gain access to your data, or impersonate you, that doesn’t mean that emails with viruses or other forms of malicious software have gone away.
Indeed, it’s sad to say that Cyber-criminals are taking advantage of the situation in Ukraine (as they tend to do with anything like this) and crafting their emails with dramatic headlines such as ‘Russia bombs nuclear power plant!’ or ‘Russian missiles hit maternity hospital!’.
These emails are designed to get you to click on links supposedly taking you to a news site for further information, but actually taking you to a site which looks like a news site, but contains dangerous malware that can sometimes get onto your machine purely by the fact you have visited the site.
There are also criminals hoping that everyone is concentrating so much on the Ukraine situation that they are letting their guard down in other areas.
It’s important that you remain vigilant in this area: whilst you may have software in place to guard against malware, fake links, etc, these cannot be 100% guaranteed to catch everything and therefore it’s important we all continue to be alert and take precautions.
Whilst simply looking at a ‘dodgy’ email can’t normally cause any problems, it’s vital that you don’t click on any links in any emails you receive, unless you are certain who the email is from and are expecting it. If you are in any doubt about whether an email is genuine then make contact with the sender through a phone call or some other means apart from email before proceeding – don’t email them for obvious reasons!
The other common tactic with emails is to send an email to a member of your staff, seemingly from the owner or a senior person, instructing payment to someone, with the bank details supplied via email. These type of emails usually include some sort of background to say that something has come up which makes it impossible for the ‘boss’ to follow the normal procedures and that the matter is both urgent and confidential – designed to prevent questions being asked or normal procedures (which would reveal the attempted theft) being followed.
A more dangerous version of this email occurs when a cyber-criminal has managed to get access to a genuine email (possibly due to a malicious link) and so any requests for payment are actually from a genuine email address, thus removing that obvious indication of it being a fake.
Regardless of who the email appears to come from, the way to prevent this type of attack from succeeding is to have robust procedures around any payments being made from your business, with 2nd person checks, independent confirmation of bank details etc, and to ensure that these procedures are followed at all times, regardless of the staff involved.
As always, we at Drummond Laurie are here to help, and if you have any queries at all about anything covered in this blog, please don’t hesitate to be in touch with your usual contact for advice.