If you think you've received a scam or fake email, do not interact with it. Move it to your spam folder or delete it immediately.
If you think you may have been infected, clicked on a link, opened an attachment or don't feel confident dealing with the suspicious email: contact your IT support immediately.
Malicious emails are becoming more sophisticated
Australian businesses and individuals are being specifically targeted using increasingly clever social engineering tactics.
Fake emails target users posing as people you personally know, colleagues, vendors and other well known Australian businesses and organisations.
If they're successful your data, like bank details, office files, business data and more, may be stolen, locked or even deleted.
Any email asking you to open a link or attachment should be treated as suspicious.
New and successful attacks target users in ways they're not expecting and haven't seen before. Ways they've tried previously can indicate how future attacks will appear:
- Urgent emails about business matters you haven't heard of, including invoices and rebates
- Packages or consignments waiting for you that you're unaware of
- Messages concerning business matters from unfamiliar email addresses
- Toll, speeding or traffic fines
- Links or attachments in the email asking you to do an action. This may include downloading and opening a file, submitting usernames and passwords, providing financial details, etc.
- Details of previously unknown potential legal action against your business
- Updating terms of service, user details, etc
- Unsolicited newsletters
- Unsolicited job applications (look for suspicious CV attachments)
Watch out for:
- Spelling mistakes and bad grammar
- Even clicking unsubscribe links in emails can infect your machine. If you're sick of receiving emails or think they're suspicious, always place the unwanted emails in your spam folder.
- The email addresses your email username instead of your actual name: "Dear [user],"
- Hover over links instead of clicking them to verify their legitimacy.
- Access the legitimate service or website through your web browser, without clicking any links in the email.
- Never download images or click on links from emails that were quarantined, even if you think they may be legitimate.
- Don't rely solely on your anti-virus scanner. Some anti-virus software may struggle to identify dangerous links and some suspicious emails may get through. Ensure your anti-virus is up-to-date.
- Do NOT load images contained in an email until you have verified the sender's details
- Make sure you have all of your vital business data regularly backed up and secure.
Remember: Being aware is one of the best ways to be protected. Most information that is business critical or otherwise important can be verified by communicating outside email. Don't feel trapped into having to respond or deal with a suspicious email in anyway.
Feature image is 'binoculars' by Edith Soto, on Flickr