Malicious Emails and Financial Scams
Malicious emails are the most common cyber-attack. There are several different types of malicious emails, including phishing messages, fake job scams, and malicious attachments. Financial scams perpetrated over email are also becoming increasingly common.
Types of Malicious Emails
A phishing message is a social engineering technique used in a fraudulent attempt to obtain sensitive information from a user. Information usually gathered includes login credentials, personal identifying information, or even credit or bank information. Phishing usually takes the form of email, SMS (text message) or phone calls.
A job scam is usually conducted via email. The email looks like the user is being offered a job. Sometimes it will look as if it comes from a legitimate job site; other times it will be a simple job offer. Be wary of any unsolicited job offers.
Malicious emails or messages usually contain a link or a document for the user to visit or open. When the user does so, the user’s computer is infected with some type of malware that can steal sensitive information or cause havoc on the user’s system. Ransomware is common malware used to lock a user out of their system unless they pay the attacker money.
Common characteristics of malicious emails:
- An email appears to be sent from a well-known company, asking a user to verify their information because they suspect the user may be a victim of identity theft or an account compromise.
- An email with a link asking a user to provide their login credentials to a website from which the user receives legitimate services, such as a bank, credit card company, or even your employer.
- A text message that asks you to call a number to confirm a “suspicious purchase” on your credit card.
- An unsolicited email containing a link to a website or a document to download.
- Spelling and grammar errors throughout the message.
- Sentences in all caps/uppercase letters, meant to grab the user’s attention, and warnings that legal action will be taken if the user does not comply. This is a scare tactic.
Common types of financial schemes involve convincing you to pay money for some reason or another. The scam could claim to be in response to a tax audit or police investigation. They could also indicate you “won” a prize, but need to pay a fee up front before you can claim the prize.
Another type of financial scam involves the collection of personally identifiable information (PII), such as Social Security numbers and birthdates, to commit identity theft. Victims may end up experiencing financial loss and negative impacts to their credit scores.
Fraudulent job offers are also routinely used in financial scam emails. These emails often offer an unsolicited part-time job opportunity. Victims who respond are usually asked to participate in some activity which ends up leaving them responsible for a financial loss. An example of a fraudulent job offer scam email is shown below:
How to Protect Yourself
- Report suspicious or unsolicited emails in Office 365 (web interface or desktop application). Microsoft uses this information to stop other emails and block links in existing emails.
- If you are reporting the email in Outlook on the web, click the ‘Report’ button and click ‘Report Phishing’.
- If you are reporting the email in the Outlook desktop application, make sure you have the Report Message add-in applied to your account. Select the email you would like to report, click Report Message, and select the category you would like to report the message as.
- To apply the Report Message add-in, click the ‘Get Add-ins’ button on the toolbar, then search for Report Message, click Add and Continue. After the add-in has been applied, the Report Message button should appear on the right-hand side of the ribbon.
- Report the email to the IT Helpdesk by composing a new email message addressed to firstname.lastname@example.org and dragging the suspicious or unsolicited email to the new email message; this method will allow the suspicious email to be added as an attachment in the new mail item. You may also forward the suspicious email to email@example.com.
- Be suspicious of unsolicited emails, text messages, and phone callers. Use discretion when providing information to unsolicited phone callers, and never provide sensitive personal information via email. If you want to verify a suspicious email, contact the organization directly with a known phone number. Do not call the number provided in the email.
- Only open an email attachment if you are expecting it and know what it contains. Be cautious about container files, such as .zip files, as malicious content could be packed inside.
- Check to see if the website is using https in the address bar. If a website is using http, it is not secure and you should not enter any information on that website.
- Scammers constantly target individuals by email, but false unsolicited phone calls may also be used. Being wary of any communication that meets any of the above criteria will go a long way in keeping your information and money safe!
- Report suspicious emails to your email provider. Emails received at your OSU email address can be reported to the OSU IT Helpdesk at firstname.lastname@example.org. Consider contacting your local law enforcement office if you have suffered financial losses.
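The warning signs and checks listed above (pressure wording, all-caps sentences, .zip attachments, http links) can also be applied mechanically when triaging a reported message. The following Python is an added example, not part of the original page; the sample message, the phrase list, and the function name warning_signs are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not a real message) showing several of the warning signs above.
SAMPLE = """\
From: "Account Security" <security@bank.example>
Subject: URGENT: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We suspect your account was compromised. LEGAL ACTION WILL BE TAKEN IF YOU DO NOT COMPLY.
Verify your login credentials at http://bank-login.example/verify today.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.zip"

placeholder
--b1--
"""

# Assumed phrase list for illustration; extend it from the mail you actually receive.
PRESSURE = re.compile(r"verify your|login credentials|legal action|suspicious purchase", re.I)

def warning_signs(raw):
    """List the warning signs found in a raw email, for deciding what to report."""
    msg = message_from_string(raw)
    signs, text = [], msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            signs.append("container attachment: " + name)
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload(decode=True).decode(errors="replace")
    for sentence in re.split(r"(?<=[.!?])\s+", text):
        letters = [c for c in sentence if c.isalpha()]
        if len(sentence.split()) >= 4 and letters and all(c.isupper() for c in letters):
            signs.append("all-caps sentence")
            break
    phrases = sorted({m.lower() for m in PRESSURE.findall(text)})
    if phrases:
        signs.append("pressure wording: " + ", ".join(phrases))
    signs += ["plain-http link: " + u for u in re.findall(r"http://\S+", text)]
    return signs

if __name__ == "__main__":
    print("\n".join(warning_signs(SAMPLE)))
```

An empty result does not mean a message is safe; it only means none of these particular signs were found.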