Have you, a colleague or a friend ever received a suspicious email? It is of paramount importance to know how to report email fraud in order to avoid all the unpleasant consequences that might come from it, especially if we’re talking about the compromise of your business email – revenue loss, data breach, reputation damage, maybe even your dismissal.
How to Report Email Fraud – Some Definitions
Email fraud or email scam refers to an “intentional deception for either personal gain or to damage another individual by means of email.”
Some of the most common forms of email fraud are phishing, spoofing and business email compromise. Let us have a closer look at each of them.
Phishing
As you can see in our Cybersecurity Glossary, phishing represents “a malicious technique used by cybercriminals to gather sensitive information (credit card data, usernames and passwords, etc.) from users. The attackers pretend to be a trustworthy entity to bait the victims into trusting them and revealing their confidential data. The data gathered through phishing can be used for financial theft, identity theft, to gain unauthorized access to the victim’s accounts or to accounts they have access to, to blackmail the victim and more.”
Most phishing scam emails appear to be from financial institutions, online retailers and services, social networks, government agencies or even from a colleague or a friend. The phishing email might even include photos and information from the legitimate website.
Moreover, as one of our colleagues wrote, “They may even redirect you to the company’s website and collect the data through a false pop-up window. Or it can happen the other way around: they first request your personal data, then redirect you to the real website. Other times, they tell you that you have been targeted by a scam and that you urgently need to update your information in order to keep your account safe. That’s how millions of Walmart consumers were tricked in 2013. All these gimmicks will minimize the chances for you to realize what happened.”
Spoofing
Spoofing, on the other hand, “is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.”
For cybercriminals, it’s crucial to gain your trust so that you fall into their trap – they know you’re more likely to engage with the links or attachments an email contains if you believe it comes from someone familiar.
Business Email Compromise
When it comes to business email compromise, my colleague Miriam clearly explained:
The term covers a wide variety of malevolent behavior, but all forms of BEC have one thing in common: they need to get access to a business email account or to fake it. In some cases, the BEC practice can refer to malicious actors spoofing or hacking into your business email account, in order to send fraudulent emails to your colleagues, employees or business partners. In others, they could be spoofing or hacking into the business email account of a partner, in order to send you emails and gain an advantage from you. In all cases, whenever malicious third parties can manage to compromise a business email, they will work to make it worth their time, and extort the maximum amount of money and data that they can get their hands on.
How to Report Email Fraud – “Phishy” Signs
Want to know exactly what to look for in a fraudulent email? Below are a few signs that indicate that the email you received is suspicious and should be reported:
- the email does not contain your name or there is a blank space where the name should be
- the email contains spelling or grammar errors
- the sender’s email address is unintelligible or does not match the company name
- the images, colours and branding in the email do not match the official website
- the email contains a request from a company you haven’t interacted with before
- you receive a delivery notice you did not expect
- you are notified that you received a prize from a competition you did not enter
- you receive urgent requests for money
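Several of these signs can be checked mechanically when a reported message reaches a security team. The following is an added example, not part of the original article: the sample message, the `KNOWN_BRANDS` map and the function names are constructed assumptions, and the Reply-To comparison goes one step beyond the list above.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Example Bank Support" <secure-update@examp1e-bank-alerts.test>
Reply-To: payments@collector.test
Subject: URGENT: verify your account

Dear customer,

Your account has been suspended. Send the wire transfer fee immediately
to restore access.
"""

# Assumption: you maintain a map of brand names to the domains they really send from.
KNOWN_BRANDS = {"example bank": "examplebank.test"}
GENERIC_GREETING = re.compile(
    r"^\s*(?:dear|hello|hi)\s*(?:,|(?:customer|user|client|member)\b)", re.I | re.M)
URGENCY = ("urgent", "immediately", "right away")
MONEY = ("wire", "transfer", "payment", "gift card", "fee")

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def phishy_signs(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    _, reply_to = parseaddr(str(msg["Reply-To"] or ""))
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    sender = domain_of(addr)
    signs = []
    if GENERIC_GREETING.search(text):
        signs.append("greeting lacks the recipient's name")
    for brand, real in KNOWN_BRANDS.items():
        # Display name claims the brand, but the address is outside its domain.
        if brand in display.lower() and sender != real and not sender.endswith("." + real):
            signs.append(f"sender domain {sender} does not belong to {brand}")
    if reply_to and domain_of(reply_to) != sender:
        signs.append("Reply-To points to a different domain than From")
    if any(w in text for w in URGENCY) and any(w in text for w in MONEY):
        signs.append("urgent request for money")
    return signs

if __name__ == "__main__":
    print(phishy_signs(SAMPLE))
```

A clean result does not prove a message is safe; the checks only automate the visible signs, so anything a user finds suspicious should still be reported.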
How to Report Email Fraud – Prevention Methods
How can you avoid identity theft and sharing personal information with the wrong people? Be extra careful when it comes to the cybersecurity of your system and email accounts:
- Use security software and keep it updated.
Our Heimdal™ Next-gen Endpoint Antivirus uses signature-based code scanning to monitor the activity of your company’s files in order to protect your endpoints against malware, ransomware, APTs and various other threats. The Unified Threat Dashboard of the Heimdal™ agent offers enhanced visibility, global scalability and on-the-fly deployment and updates.
- Regularly update your mobile phone to make sure you’re avoiding security threats.
- Protect your email accounts with multi-factor authentication.
As the Federal Trade Commission explains,
The additional credentials you need to log in to your account fall into two categories:
- Something you have — like a passcode you get via text message or an authentication app.
- Something you are — like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Don’t forget to back up your data, both from your computer and from your phone. Think of using an external hard drive or cloud storage.
- Avoid clicking on a link or opening an attachment in unsolicited or suspect emails and do not give out personal information.
- Try an email security solution.
Our Heimdal™ Email Security is a revolutionary spam filter and malware protection system which packs more email security vectors than any other solution you can find. Heimdal™ Email Security will help you detect malware, stop spam, malicious URLs and phishing with simple integration and highly customizable control.
Moreover, our Heimdal™ Fraud Prevention module can detect CEO and financial mail fraud, spot Insider Business Email Compromise, discover imposter threats, but also advanced malware emails. It uses 125 detection vectors to keep your email safe. The most important are: phraseology changes, IBAN / account number scanning, attachment modification, link execution and scanning, man-in-the-email detection. MailSentry Fraud Prevention is actually able to learn the senders’ communication patterns, in order to detect the smallest modifications. Both you as a user and the IT administrator will be notified when a fraudulent email enters your inbox. Moreover, a team of experts would be there for you 24 hours / 7 days a week, to analyze possibly dangerous isolated emails in order to avoid false positives.
- Train your employees – every employee in your company must know about the dangers of email fraud, how to recognize it and how to proceed if they have suspicions.
You can find some more detailed advice on Security Boulevard.
How to Report Email Fraud – Action Steps
If you have discovered an email scam, there are various ways to report it.
- if your business email address has been compromised, you can forward the suspicious email to your IT admin or cybersecurity team and tell them your concerns.
- if you notice someone sending emails in the name of a specific company, reach out to that company. Forward them the questionable email and let them know about the scam.
- forward the phishing emails to the U.S. Federal Trade Commission’s Anti-Phishing Working Group (APWG) at [email protected] or [email protected] .
- notify the Internet Crime Complaint Center (IC3) – https://www.ic3.gov/ .
- report scams to your state consumer protection office.
- report Social Security Administration imposters online to SSA’s Inspector General. Call 1-800-269-0271 (10:00 AM – 4:00 PM, ET).
- report IRS (Internal Revenue Service) imposters to the Treasury Inspector General for Tax Administration (TIGTA), at 1-800-366-4484.
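When you forward a suspicious email to an IT admin or security team, an inline forward replaces the original headers with your own, while attaching the original message keeps the `Received` and `Authentication-Results` headers analysts need. The following is an added example, not part of the original article; the addresses, the reporting mailbox and the sample message are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed suspicious message (not a real email); names and IPs are reserved test values.
SUSPICIOUS = (
    b"Received: from mail.sender.test (mail.sender.test [192.0.2.10])\r\n"
    b"\tby mx.corp.example; Mon, 01 Jan 2024 09:00:00 +0000\r\n"
    b"Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=sender.test\r\n"
    b"From: \"IT Helpdesk\" <helpdesk@sender.test>\r\n"
    b"To: user@corp.example\r\n"
    b"Subject: Password expires today\r\n"
    b"\r\n"
    b"Confirm your password at the link below.\r\n"
)

def build_report(raw, reporter, mailbox):
    """Wrap the original message as a message/rfc822 attachment."""
    original = message_from_bytes(raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = mailbox  # placeholder for your organisation's reporting address
    report["Subject"] = "Suspicious email report: " + str(original["Subject"])
    report.set_content("The attached message looks like phishing. "
                       "The original headers are preserved in the attachment.")
    report.add_attachment(original)  # stored as a message/rfc822 part
    return report

def attached_original(report_bytes):
    """What the receiving analyst does: pull the original back out."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

if __name__ == "__main__":
    report = build_report(SUSPICIOUS, "user@corp.example", "security@corp.example")
    inner = attached_original(report.as_bytes())
    print(inner["Authentication-Results"])
```

Most mail clients offer the same thing as "Forward as attachment".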
If you have received a suspicious email on Gmail, you must know that “when you manually move an email into your Spam folder, Google will receive a copy of the email and may analyze it to help protect our users from spam and abuse.”
If you want to specifically mark an email as phishing, open the message, click on the More button next to Reply and click Report phishing.
How to Report Email Fraud – Wrapping Up
The integrity of your email accounts is crucial – cybercriminals can use them to obtain personal information, your social security number, details about your bank account or credit card, phone numbers, addresses, etc. For this reason, it’s important to protect them and to know how to report email fraud.
Always do your best to discourage cybercriminals, either by prevention or by reporting their malicious acts! Also, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it.
Drop a line below if you have any comments, questions or suggestions – we are all ears and can’t wait to hear your opinion!