Top 5 Email Scams You Need to Look Out for This Month
Companies, especially in today’s modern world where hackers and scammers are on the rise, have been making increased efforts to train their employees in recognizing scams the moment they hit their inboxes. However, people still continue to fall for them.
The effects of data breaches are becoming more severe than ever. More than 15 million phishing emails were sent in 2021, and fixing them would have cost a business an average of $1.85 million.
So, why are people continuing to fall for these scams? Often for the same reasons they always have, such as carelessness, gullibility, curiosity, courtesy, and apathy.
Email is one of the most common ways for scammers to reach their potential victims and they are targeting all businesses, regardless of size. Hackers are becoming more sophisticated, making it increasingly difficult for companies to spot a scam before it’s too late. The best way to protect your company from scammers is by arming yourself with not only security but more importantly, knowledge.
Below we will discuss the top 5 scams you need to look out for this month.
1. The PayPal Invoice Scam
Traditionally, scammers will send an email asking you to transfer money to a third party. However, these scammers are now impersonating PayPal and asking you to send money to them. Scammers create an online PayPal account in the name of well-known companies, such as Risenest Technology, Target, or GoDaddy, to name a few. They then send a customized invoice via PayPal using that account. At that point, PayPal alerts you that an invoice has been received.
The fact that the invoice notification is REAL makes it challenging. You may view and pay the scammers’ invoices on your PayPal app. The con artists want more, not just money. They can alter the invoice’s message to fraudulently indicate that you will be charged a subscription fee for their “service.” Then they tell you that you should phone a certain number if you have any questions.
The person who answers the phone if you call them will ask you to download “remote control” software to your phone. Avoid doing this! Scammers will access your device and take additional stored credentials along with your PayPal log-in information. With these, scammers can carry out other crimes like identity theft.
If you ever receive this email, call PayPal immediately to confirm whether the email in question is legitimate. Remember that an invoice’s source may be shady even if the email appears genuine. If they did NOT send this email, report it to the company as a scam so others can be warned. Check if a web address is safe, and never respond to any invoices or requests for money that you do not recognize.
2. The Official Looking Email Scam
An email that appears to be from a government official, bank, or other company you may do business with is one of the most common email schemes. The scammers will try to make the email appear legitimate by using a similar email address to the one used by the actual organization. They may also use official-looking letterhead, logos, and other branding details to make the email seem real. If you get an official-looking email, inspect the email address carefully against any other email communications you’ve had previously with that company. If something seems a little off, do NOT open the email—scammers often use malicious links or attachments to steal your sensitive information.
If you are ever in doubt, call the company’s customer service department immediately to confirm the email’s legitimacy.
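The address comparison described above can be automated. The following is an added example, not code from the original article: it classifies a From header against a constructed allow-list of domains from earlier, verified correspondence and flags near-miss spellings and brand names buried in longer hostnames. The allow-list, the sample addresses and the naive last-two-labels domain reduction are assumptions.

```python
import re
from email.utils import parseaddr

# Constructed allow-list: sender domains seen in earlier, verified correspondence.
KNOWN_DOMAINS = ("docusign.com", "fedex.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive reduction to the last two labels (assumption: no multi-part TLDs)."""
    return ".".join(host.split(".")[-2:])

def classify_sender(from_header):
    """Return 'known', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    host = addr.rsplit("@", 1)[1].lower().rstrip(".")
    reg = registrable(host)
    if reg in KNOWN_DOMAINS:
        return "known"
    labels = re.split(r"[.-]", host)
    for good in KNOWN_DOMAINS:
        brand = good.split(".")[0]
        # Near-miss spelling of a known domain, or its brand name used as a
        # label inside an unrelated hostname.
        if edit_distance(reg, good) <= 2 or brand in labels:
            return "lookalike:" + good
    return "unknown"
```

A "lookalike" result is a reason to verify through a separate channel; an "unknown" result only means the sender has no history in the allow-list.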
3. The Aging Accounts Scam
A company’s financial department uses aging reports, also known as accounts receivable schedules, to track clients who haven’t yet made payments on items or services they purchased on credit.
It was discovered during some recent engagements that BEC (business email compromise) fraudsters were attempting to obtain a copy of an aging report by using the identity of the criminals’ preferred persona: the company CEO. These scammers sent a straightforward request for the document using free and temporary email addresses and display name deception.
Unlike previous BEC scams, this one did not demand that the victim transfer money to a vendor bank account or buy gift cards for performing staff. Instead, they requested that the target provide them a copy of the accounts receivable (or “A/R”) department’s aging report.
The scammers’ next targets would be the clients of our fictitious organization once they had this information—customer names, outstanding amounts, and contact details. They can use this information to make an email account alias that appears legitimate, pose as a member of our finance team, and ask them to pay the unpaid debt listed on the aging report.
The scammers will probably provide incentives to pay off their “debts” more quickly, such as lowering their total debt if they immediately pay off their unpaid balance. The only thing left for the actor to do at that point is to inform the payee that the banking information has recently changed and to provide them with the most recent account information for a bank account that the hackers control.
We advise using a multilayered strategy to prevent your employees, companies, and clients from falling prey to this attack. Strong email protections against advanced email attacks are a crucial foundation layer to neutralize the threat because, logically, none of this can happen if the original CEO identity deception misses the mailbox of the intended target.
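One layer of such a strategy is a mail-filter rule for the pattern described in this section. The following is an added example, not part of the original article or of any vendor's product: it flags messages whose display name matches an executive while the address is outside the organization, and which ask for the aging report. The organization domain, executive name, free-mail list, keywords and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: adjust to the organisation being protected.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}                       # display names to protect
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
AR_TERMS = ("aging report", "accounts receivable", "a/r aging")

def bec_indicators(raw_message):
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[1].lower() if "@" in addr else ""
    body = " ".join(part.get_payload() for part in msg.walk()
                    if part.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = []
    is_exec_name = " ".join(name.lower().split()) in EXECUTIVES
    if is_exec_name and domain != ORG_DOMAIN:
        hits.append("exec-display-name-external-address")
    if is_exec_name and domain in FREE_MAIL:
        hits.append("free-mail-sender")
    if any(term in text for term in AR_TERMS):
        hits.append("aging-report-request")
    return hits

def should_hold(raw_message):
    """Hold for review when display-name deception meets an A/R data request."""
    hits = bec_indicators(raw_message)
    return ("exec-display-name-external-address" in hits
            and "aging-report-request" in hits)

# Constructed sample messages.
SAMPLE_BEC = ("From: Jane Doe <ceo.office1987@gmail.com>\n"
              "To: ar@example.com\nSubject: Quick request\n\n"
              "Please send me the updated aging report with customer contacts.\n")
SAMPLE_INTERNAL = ("From: Jane Doe <jane.doe@example.com>\n"
                   "To: ar@example.com\nSubject: Month end\n\n"
                   "Can you share the aging report before Friday?\n")

if __name__ == "__main__":
    for sample in (SAMPLE_BEC, SAMPLE_INTERNAL):
        print(should_hold(sample), bec_indicators(sample))
```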
4. The “Problem with Your Delivery” Scam
These scams can be spread in various ways; some demand delivery payment, while others ask for your email address to track a parcel. The hackers frequently utilize fictitious tracking numbers, delivery dates, and times.
You will often receive these emails from companies like UPS, FedEx, or the U.S. Postal Service, but they actually aren’t from these companies at all.
Sometimes, if you were to send a package, these scammers may even claim that there was a problem with your delivery and that the recipient could not be reached. They will then ask you to resend the package using a prepaid label they provide.
The way this works is quite ingenious. They expect you to fall for their scam and send the package back out using their label as instructed. After a few days, you will receive the package you sent out with their label, and the scammer will have your money.
To avoid this scam, don’t fall for the pressure to act quickly. Instead, contact the real company to confirm whether there was a problem with your delivery.
5. The DocuSign Scam
Attackers are sending phishing links and documents through the electronic agreement management company DocuSign.
A hostile actor first creates a free DocuSign account or compromises another user’s account. Afterward, they add a file to the account. The attacker then sends their target a DocuSign envelope. DocuSign then sends the recipient an email invitation. It asks the recipient to click on a hyperlinked “View Document” button to review and sign an electronic document.
Since the email is technically sound, it avoids detection. The phishing link is hosted on DocuSign’s servers, making it possible to reach a recipient’s inbox.
The signature procedure is the same as it would be for a genuine file. The receiver is redirected after clicking the link, which is the only difference. They arrive at a phishing website meant to steal their Microsoft, Dropbox, and other account information.
This method works because DocuSign files, including PDFs, Word documents, and other file types, continue to be clickable up to the final page. (To prevent attacks, DocuSign turns other uploaded document file formats into static PDFs.) When offered the option to download the file, a signer can access the link and embedded files, even if those resources are dangerous.
Users can defend themselves from phishing scams that pose as DocuSign by refraining from opening suspicious email attachments. Additionally, consider hovering over embedded links to see where those URLs lead. Use the DocuSign website to access documents directly. These factors can be incorporated into an organization’s security awareness training programs.
Scams are becoming more sophisticated and difficult to spot, especially in the ever-changing world of technology. If something seems suspicious, don’t react impulsively. If you receive an email that seems off, do not click on any links or open any attachments.
Instead, report it to your IT department to investigate further and then delete the email.
Protected Harbor email security solution can protect users against malicious emails, zero-day attacks, and phishing scams. The best part about this email security solution is that it comes with a spam filter that has the ability to block more than 99.9% of spam emails. Thanks to its AI-based phishing keyword detection, it can identify phishing emails and block them before they reach the user.
Contact us today and get complete protection against email threats with zero trust security, MFA, and end-to-end email encryption.
Keep your email and company data safe from hackers.