Malicious emails are the number one cause of viruses, network hijacking, and a variety of computer headaches. Most of the time they can be avoided by being vigilant and really looking at the email you've been sent. Here are things to remember and things to look out for.
External Email Warning
All emails from an external address carry a warning message at the top. It will usually be yellow and stand out. If the email is not formatted correctly, however, the message will still be there, not in a yellow box but in plain text. The images below show these warnings:
Please look out for this warning on all emails, as it will give you a quick indication of whether it came from an internal colleague (no warning at all) or an external address (warnings as detailed above).
Fake ‘Green Lists’
There is no process to label any email with a green bar saying it’s from an approved sender. Any email with one of these is fraudulent. An example of one of these is below:
Who is the Email actually From?
Increasingly, people are receiving emails from external addresses using colleagues' names (likely discovered from public pages or published documents, articles, etc.) but clearly not their whales.org email address. The example below shows one email that appears to be from Chris Butler-Stroud, but the email address itself is a very dodgy-looking Gmail one:
Any email from a WDC colleague is 99% likely to come from their whales.org email address and never from an external one. Note the ‘Caution’ message is also present in this email. This warning would not be there if the email was legitimately sent from Chris via his whales.org email address.
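The check described in this section, written out as an added example (it is not part of the original page or of WDC's mail filter): it flags a message whose display name matches a colleague while the address is outside whales.org. The staff list, function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "whales.org"         # internal domain named on this page
STAFF_NAMES = {"chris butler-stroud"}  # assumed directory of colleague names

# Constructed sample messages (all addresses are made up for illustration).
SPOOFED = "From: Chris Butler-Stroud <someone@mail.example>\nSubject: Urgent\n\nHi"
REVERSED = 'From: "Butler-Stroud, Chris" <someone@mail.example>\nSubject: Hi\n\nHi'
INTERNAL = "From: Chris Butler-Stroud <placeholder@whales.org>\nSubject: Hi\n\nHi"
SUPPLIER = "From: Acme Billing <accounts@supplier.example>\nSubject: Invoice\n\nHi"


def normalise(name):
    """Lower-case, collapse whitespace and turn 'Last, First' into 'first last'."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.lower().split())


def classify_sender(raw_message):
    """Return 'internal', 'impersonation' or 'external' for a raw message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain == INTERNAL_DOMAIN:
        # Looks internal by address; the mail gateway must still verify the
        # sending domain, because a From header on its own can be forged.
        return "internal"
    if normalise(display_name) in STAFF_NAMES:
        return "impersonation"  # colleague's name on an outside address
    return "external"


if __name__ == "__main__":
    for sample in (SPOOFED, REVERSED, INTERNAL, SUPPLIER):
        print(classify_sender(sample))
```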
How Does the Email Read?
More often than not you can tell an email is suspicious simply by reading it. Take the example above and break it down:
I’m in a conference meeting and I wouldn’t be done anytime soon
This is appalling English when you read it back; you’d think it would say ‘won’t be done’. Not to mention, the fake Chris is apparently in a conference meeting where he will be for a while, but still has time to email and make the request he does?
Let me have your personal phone # number
It’s highly unlikely for Chris to ever ask this. If he legitimately needed it, he’d ask Sian for it.
It’s of high importance
If it was, he’d call directly for an immediate answer rather than communicate via email, where there could be hours before a reply.
Thanks Chris Butler-Stroud
Chris wouldn’t sign off with his full name on an email to an internal colleague.
Sent from iphone
If it’s come from a mobile device in office hours, I’d always be a little bit suspicious of it. Surely the real Chris would be using his desktop to email.
A bit more detail on the example above and what the scam was...
In the example above the scam was to get the recipient (Nicola in this case) to email back with the phone number. Once the scammer had the phone number they would be able to call. In that call they would still be pretending to be Chris and would explain that their email had been locked out or perhaps their mailbox was full and they needed money or money for vouchers in order to resolve the situation. At that point the scammer would ask for either bank or card details or perhaps ask the user to send money via PayPal direct to them.
Essentially, the scam email above is the same as a scam phone call asking for your bank details, but they're pretending to be someone you know, believing you'd give them what they want.
Use Common Sense
Our best weapon against these kinds of scams is your own common sense. Take a breath and think about it. If you get an email like this and you’re not sure if it’s legitimate, you can forward it on to Simon and Chris (or the colleague being mimicked) directly via their whales.org addresses and ask if the email came from them. Treat every external email as if it was a scam phone call, with the same reluctance to give out any personal information.
What to do with a Fake/Fraudulent Email?
If you've identified an email as fake or fraudulent, you must never reply to it or open up any attached files. Before you then delete it, forward it on to [email protected] so that the IT team can add the sender's email address or email domain to the email filter to block emails from them in future. It is important to do this, as it will reduce the chances of accidents happening via emails coming in from the same malicious source.