With reports suggesting that 3.4 billion phishing emails are sent every single day, chances are that you’re already familiar with them.
Phishing scams are those in which attackers try to trick people into sharing sensitive information by pretending that the request comes from a legitimate source. Once scammers have your personal information, they may use it to access your accounts, steal your data (and your clients’ data), and commit fraud.
Although some phishing scams are more obvious than others, cybercriminals are using ever-more sophisticated technology and techniques to make their emails seem genuine. This presents a serious threat for businesses, and last year 79% of UK businesses that experienced a cyberattack were victims of a phishing scam.
In this article, we’re going to highlight two phishing emails that were recently received by our clients. Neither example contained malicious attachments or links that would have shown up in a virus scan, but both have the potential to cause serious financial damage.
One of our clients received an email from an organisation inviting them to register on a database for promotional purposes. The email included a PDF form for the recipient to sign, and gave the impression that the Register is a free business directory that would be beneficial to join.
However, the small print of the document states that by signing the form the recipient is legally binding themselves to a three-year subscription, which costs €995 per year. There is a small cancellation window that recipients can use two years after signing, but the contract is difficult to get out of.
Although there is an online directory, a listing is essentially worthless – and certainly not worth the almost €3,000 the recipient may be tricked into paying.
Subscription scams like this are increasingly common, and it can be very difficult to cancel a subscription. These companies often hide their cancellation terms deep within their terms and conditions – and it’s sometimes the case that cancellation is not part of the terms of the agreement.
Contacting these businesses is notoriously difficult, with many of them based in overseas tax havens, and if you fall prey to a scam like this you’ll probably need to contact your bank to try to get the money back.
Fake fundraising is another common type of phishing scam. In an email one of our clients received, the sender asked for a donation to a GoFundMe page for a 29-week-old baby with health complications.
The sender claims that the baby is the child of “my late brother’s daughter who lives in Zimbabwe”. The email includes a link to a GoFundMe page, which the sender has fraudulently set up. Although it may be possible to get the money you donated back if the scam is later reported as fraud, this can be a lengthy and complicated process.
Fake fundraising is a serious crime, but it’s a common tactic that scammers use to try to trick you into sending them money. These types of emails deliberately tug on the heartstrings and exploit people who are taken in by emotional appeals.
What to do if you receive a suspicious email
Although we’ve only covered two common types of phishing scam in this article, there are many more out there. Some of them are really clever, so if you receive any emails that you’re suspicious of, it’s a good idea to get a second opinion from a professional IT company.
At Nebula IT, we’re able to quickly confirm the legitimacy – or illegitimacy – of emails, helping you to protect your business from harm. Get in touch with our friendly and professional team today for peace of mind and advice on how to spot phishing scams.