You get an e-mail containing a spreadsheet from your manager. A little surprised, you notice that his writing is much better than usual, but you still open the attachment. Or do you?
The sender information in an e-mail (the "From" field) can easily be spoofed to hide its true origin.
At first glance, it looks like the e-mail with a request to transfer money comes from the Chief Financial Officer, or that your manager sent the spreadsheet.
The attackers know we have hectic workdays and hope we won't notice anything. However, if we study the e-mail just a little closer, we can detect their bluff.
Check #1: The Procedure
We follow certain procedures in our daily work. And if we need to step outside the chain of command, we explain our reasons.
Why should the CFO send you a payment request?
A fraud or attack e-mail typically contains a new subject "out of the blue" — as opposed to existing threads or conversations — and does not follow the established procedure or chain of command.
If a request does not make sense, do not act on it. Put it on hold while you investigate the matter.
Check #2: The Human Element
Our boss always goes straight to the point. Harry elaborates. Michelle always gets her grammar right. Not even cybercriminals can fake these traits.
If something seems odd, ask yourself:
- Is their style, tone or grammar unusual?
- Why have they included this link or attachment?
- Why would they ask me to do this?
- Please, just stop and think for a second.
Look at some of the clues:
- Did you expect the e-mail? Do you ever receive e-mails from this person?
- The message starts with a generic greeting. Most legitimate companies will include your name in their messages to you.
- A link appears to be legitimate but when you hover over it, it reveals a URL that doesn’t match the address of the company’s website.
- There were no spelling errors, which are often present in such scams. However, the reference to a director signing an order is very suspicious.
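Two of these clues can be checked mechanically. The following Python sketch is an added example, not part of the original article: it flags a link whose visible text names a different host than its target, and a Reply-To or Return-Path domain that differs from the "From" domain. The header comparison is this example's own choice of check, and the names `clues`, `LinkCollector` and `SAMPLE` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def domain(header_value):  # lower-cased domain of an address header, '' if absent
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def clues(raw_message):
    """Return human-readable clues; each is a reason to look closer, not a verdict."""
    msg, found = message_from_string(raw_message), []
    from_dom = domain(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        other = domain(msg[header])
        if other and other != from_dom:
            found.append(f"{header} domain {other} differs from From domain {from_dom}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML message
    for text, href in collector.links:
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        target = (urlparse(href).hostname or "").lower()
        if shown and target and shown.group(1) != target:
            found.append(f"link text shows {shown.group(1)} but points to {target}")
    return found

# Constructed sample message (not taken from the article).
SAMPLE = """\
From: "Chief Financial Officer" <cfo@example.com>
Reply-To: <cfo.office@example.org>
Content-Type: text/html

<p>Dear employee, see <a href="https://payments.example.net/invoice">www.example.com/invoice</a></p>
"""
```

Calling `clues(SAMPLE)` returns one clue for the Reply-To domain and one for the link. Legitimate mailing services can also trigger the header clue, so treat each result as a prompt to investigate.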