Carte Blanche

Tips to avoid becoming a victim of “Email Spoofing”

21 July 2019
With hundreds of millions of Rands transferred across bank accounts every day in South Africa – cyber criminals are using advanced email hacking techniques to get their hands on your cash.

Also known as “Business Email Compromise” or “Man-In-The-Middle Attacks”, such email phishing scams are on the rise and we all need to be more alert and aware of some best practices to better safeguard ourselves. Here’s how to better protect yourself and your personal information.

1) Never click on misleading links or download unfamiliar attachments, especially the ones that require you to verify or confirm any of your login credentials or bank account details.

2) If you don't recognize the email address that a message is coming from, proceed with caution.

3) When you receive an email message, check the sender information carefully. Do not trust the name that is displayed. By clicking on “reply”, and physically looking at the whole email address e.g. [email protected], one can verify the sender’s email address.

4) Free email accounts are literally less than a dime a dozen. Anyone can get an address from Hotmail, Gmail, with your name in it. It could be an address that looks like yours, but with a dot instead of a hyphen, or a number instead of a letter.

5) When one receives an attachment containing bank account details to where payments are to be made, check the email address against your address book to confirm that the email address is correct. Also if you receive an instruction to change a bank account number, contact the organisation by phoning the number you have on record, or from their website, or an old account, but never dial the number on the current invoice. Phoning two different individuals is advisable, rather look silly than end up out of pocket.

6) Install an anti-phishing toolbar. Most popular Internet browsers can be customized with an anti-phishing toolbar. Such toolbars run quick checks on websites that you are visiting and compare them to lists of known phishing sites.

7) Get into the habit of changing your online account passwords regularly, such as banking accounts, email accounts, etc.

8) Do not use the same password on different locations e.g. for your mail as well online shopping accounts.

9) Some indicators of a spoofed email message are:
• Requesting a login or password over email.
• Asking for information that the "sender" should already have, like account information.
• Messages that include grammatical or spelling mistakes.
• Messages that include different fonts inside the same message.
• Links that are labelled as a particular name, but when hovered over reveal a completely different address or url.

10) Learn to use your browser’s security features or consult the service provider to assist with activating all available security measures.

11) Activate two factor authentication wherever available. Only use sites and service providers that use two factor authentication.

12) Consider getting a cyber insurance policy.

13) Require service providers and clients to also follow minimum security measures.

14) Keep your computer's antivirus software up to date.

15) Do not use known words, especially English words as your password. Use a combination of words, letters, special characters and upper/lower case.  Do not use well-known combinations such as “P@$$w0rd” as these are easy to crack.

16) Do not use outdated software. If it is not supported anymore, then patches for known vulnerabilities are not being distributed.

17) Manage what information is distributed on social media regarding you, your family and your organisation.

18) If anything is suspicious, or “does not look right” do not transfer money or act on an email, rather contact the person in question to verify things. This also refers to mails/instructions coming from a member of management.  A criminal will try and create an “emergency” or urgency to move you to ignore the correct verification procedures.

Tips supplied by Cyanre.