Performing some last-minute preparations for an important client meeting, you discover that the document you need cannot be opened. In a panic, you call your IT department only to be told “Can you please turn off your computer to ensure that it doesn’t infect the rest of the office computers. Your computer has been infected with ransomware and we need to restore all your files from the most recent backup.”

$70,849,741.00 has reportedly been “scammed” this year alone. Only 7% of the 134 083 reported scams contributed to the overall dollar figure.

Scam reported in 2016
All Scams reported to the ACCC for 2016

With emails being the 2nd most reported scam and 3rd for the most causing financial loss it is important to foster a business culture of security. Ensure that all employees are aware of the risks of “laid back” data security and help them recognise suspicious requests and phishing schemes. Well-meaning individuals within your business can unwittingly download ransomware without even knowing until it is too late or give away financial details on a well-crafted phishing website potentially costing your business time and money.

With the 2016 holiday season coming up, and the potential of increased email-based scams (Source) we have decided to put together an email safety checklist to help you minimise the risks and educate the people around you.

  1. Check that the from email address is coming from the correct email address. Be aware that the email might be sent from falsified or ‘spoofed’ email addresses.
  2. Scammers will make every attempt to make the email look legitimate. This makes is very had to know the difference at times. If unsure, directly contact the company that the email is from.
  3. The body of the email may contain spelling mistakes and poor grammar.
  4. Often there will be a sense of Urgency or Threat to the email to trick you into action.
  5. ALWAYS check links in emails before clicking them. Hover over the link on your with your mouse before clicking on them. For mobile devices, you can ‘tap and hold’ the links.
    Tip: To check a shortened link try http://unshorten.it/ as recommended by https://www.cnet.com/
  6. NEVER open or download anything unless you are 100% sure it is from a safe source. Some of the most common download extension used to spread ransomware are; .docx, .zip and .exe

We have a created a printable checklist for you can keep near your computer for easy access

Click here to get a printable checklist!

3 Bonus tips to reduce email-based scams

Are you still unsure if that email is safe or not? Try these:

  1. Google the subject line, because the chances are that you’re not the first person to receive this email if it is a scam.
  2. If you know the company the email was sent from, call the person / company, however, don’t use any phone numbers on the emails just in case.
  3. Contact your I.T. service provider and have them check it out for you.

If you do uncover a scam you can report the scam with the ACCC to help others avoid being caught out.

Term Definitions

phishing emails— sent from falsified or ‘spoofed’ email addresses. Many phishing emails often claim to be from a bank, online retailer or credit card company. These emails direct recipients to a website that looks like the real website of a retailer or financial institution, which is designed to encourage the visitor to reveal financial details such as credit card numbers, account names and passwords or other personal information.

From start to finish, inside a PayPal Phishing scam –  this is a good example I discovered while researching this topic

Email spoofing is the forgery of an email address so that the email appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.  The goal of email spoofing is to get you to open the email, and possibly even respond to it.

Ransomware is a type of malware that blocks or limits access to your computer or files and demands a ransom be paid to the scammer for them to be unlocked. You will find that the first signs of an infected computer are that you won’t be able to open up files or “line of business” software will report the file is missing. Other versions will show a persistent message to try to convince you to pay the ransom. Scammers may pretend to be from the police and claim you have committed an illegal activity and must pay a fine, or they may simply demand payment for a ‘key’ to unlock your computer. If you pay the ransom, there is no guarantee your computer will be unlocked.