Phishing, Spear Phishing and the ‘Can you make a quick payment’ dilemma

We have all received fake emails asking us to ‘confirm your login to check your account for suspicious activity’, apparently from eBay, Amazon or similar. This is phishing: the sender casts a wide net to see who they can catch unawares.

A more devious and targeted approach is called spear phishing. Here the miscreant impersonates a senior member of the team and asks for some form of quick payment to be processed, usually with urgency attached and a consequence for not complying: we will lose the order/contract/tender if we do not pay quickly.

Recent example: –

All looks genuine and normal (aside from me emailing myself to do something): it has my email and name in the message, and I do have an iPhone.

Look what happens when we click reply: the email address in the reply box, while very similar to mine, is in fact bogus:

The actual sender is using alastair@arcitsolutions.co.uk-g.eu as an email address. The part the eye reads is ‘arcitsolutions.co.uk’, but the domain that was actually registered is uk-g.eu (a .eu domain), with arcitsolutions.co set up as a subdomain beneath it. Because it is a genuinely registered domain under the attacker's control, it can carry valid SPF and DKIM records for that domain, so spam filters see nothing wrong with it: the sender really is who the headers say, just not who the reader assumes. Very crafty!

We have also seen attempts made with criminals registering the .co variant of .co.uk domains, again, very crafty! For example, it could have read alastair@arcitsolutions.co (fortunately we own that domain name), which again is easily overlooked when in a hurry.

What can we do to protect against this?

Follow up with a phone call to the (apparent) sender, on a number you already have rather than one given in the email, to confirm the request. As a business owner I would rather have my holiday interrupted with a few quick phone calls than return to find the bank account empty.

Ensure that you have robust processes in place to verify and corroborate all requests to change any supplier or payment details. Get in touch with the supplier (or internal colleague) directly, using contact details you know to be correct, to confirm that a request you have received is legitimate.

At a very basic level, always check the reply address before sending: click reply and confirm that the address in the reply box is the one you believed the email came from. Do not treat an address as valid until you have done this, because the name and address shown in the body of the email can be fraudulent even when the message otherwise looks right.

All employees should be aware of these procedures and encouraged to challenge requests they think may be suspicious, particularly urgent-sounding requests from senior employees.

Sensitive information you post publicly, or dispose of incorrectly, can be used by fraudsters to perpetrate fraud against you. The more information they have about you, the more convincingly they can purport to be one of your legitimate suppliers or employees. Always shred confidential documents before throwing them away.

Email addresses can be spoofed to appear as though an email is from someone you know. Again, click reply and check closely that the reply address matches. Bear in mind the limit of this check: it catches a mismatched Reply-To and lookalike domains, but if the From address itself has been forged to read exactly as the genuine one, clicking reply shows the genuine address and tells you nothing. Publishing SPF, DKIM and DMARC records for your own domain lets receiving mail servers reject such outright forgeries; the phone call covers whatever gets through. If an email is unexpected or unusual, do not click the links or open the attachments. Staff should read email from ordinary user accounts, not administrator accounts, so that a malicious attachment that does run has only limited privileges.
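The two checks described above, comparing the reply address with the From address and spotting a lookalike domain such as the arcitsolutions.co.uk-g.eu one from the example earlier, as a small Python script. This is an added example, not code from the original post or its author. The sample messages are constructed, the tiny public-suffix table is a stand-in for the real Public Suffix List, and the script treats only arcitsolutions.co.uk as owned so that the .co variant is flagged as well.

```python
import email
from email import policy
from email.utils import parseaddr

# Minimal stand-in for the Public Suffix List. Assumption: a production check
# would load the full list (for example via the tldextract package) instead.
PUBLIC_SUFFIXES = {"co.uk", "org.uk", "uk", "eu", "co", "com"}

# Domains this organisation actually controls (constructed for the example;
# the .co variant is deliberately left out so that the check flags it).
OWN_DOMAINS = {"arcitsolutions.co.uk"}


def registrable_domain(host):
    """Return the part of a hostname that somebody actually registered.

    'arcitsolutions.co.uk-g.eu' -> 'uk-g.eu'  (the eye stops at 'co.uk')
    'arcitsolutions.co.uk'      -> 'arcitsolutions.co.uk'
    """
    labels = host.lower().rstrip(".").split(".")
    for n in (2, 1):  # try the longer public suffix first
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return ".".join(labels)


def is_lookalike(host):
    """A host that contains our brand label but is not one of our domains."""
    brand_labels = {own.split(".")[0] for own in OWN_DOMAINS}
    return (registrable_domain(host) not in OWN_DOMAINS
            and any(label in host.lower().split(".") for label in brand_labels))


def check_sender(raw_message):
    """Do programmatically what 'click reply and look at the address' does."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")) or from_addr)
    from_host = from_addr.rpartition("@")[2].lower()
    reply_host = reply_addr.rpartition("@")[2].lower()

    findings = []
    if reply_host != from_host:
        findings.append(f"reply goes to {reply_host}, not {from_host}")
    for host in sorted({from_host, reply_host}):
        if is_lookalike(host):
            findings.append(f"lookalike: {host} (registered domain "
                            f"{registrable_domain(host)}) is not one of ours")
    return findings


# Constructed sample messages, not the real email from the post.
LOOKALIKE_REPLY_TO = """\
From: Alastair <alastair@arcitsolutions.co.uk>
Reply-To: Alastair <alastair@arcitsolutions.co.uk-g.eu>
To: accounts@arcitsolutions.co.uk
Subject: Quick payment needed today

Can you make a quick payment for me? Sent from my iPhone
"""

DOT_CO_VARIANT = """\
From: Alastair <alastair@arcitsolutions.co>
To: accounts@arcitsolutions.co.uk
Subject: Urgent supplier bank details update

New supplier details attached, please action before 5pm.
"""

GENUINE = """\
From: Alastair <alastair@arcitsolutions.co.uk>
To: accounts@arcitsolutions.co.uk
Subject: Weekly report

Attached.
"""

if __name__ == "__main__":
    for name, raw in [("lookalike reply-to", LOOKALIKE_REPLY_TO),
                      (".co variant", DOT_CO_VARIANT), ("genuine", GENUINE)]:
        print(name, "->", check_sender(raw) or ["no header-level warning"])
```

Run as a script it prints two warnings for the first message, one for the second and none for the third. The gap is the one noted above: a message whose From line is forged to the genuine address, with no Reply-To, also comes back with no warnings, because nothing in the headers distinguishes it from real mail. That case is left to DMARC on the receiving side and to the phone call.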

If in doubt, call us on 01782 202529