Common Email Scams You May Encounter (With Examples)

Picture of Saxons Blog

Saxons Blog

There is almost no escaping email scams in this day and age. Everyone gets them. But, luckily after 50-odd years of emails existing, most of us know that there is no Prince with a fortune to bestow upon us so long as we first transfer a sum of money. Yet – as with anything, if there is an exploit to be found cybercriminals and grifters will make use. The complexity of email scams has only increased – some email scams can look incredibly authentic, while others are noticeably more amateur.

In this blog post, we’ll shed light on some common email scams targeting businesses, and provide some examples to help you recognise potential threats in your own inbox.

Common Email Scams Targeting Businesses

 

1. Fake Microsoft password reset requests

Microsoft will NEVER send you an email with a link requesting that you change your password. The quality of these scam emails can vary. Some may look just like other official emails you have received from Microsoft. The branding of the email may be convincing, and the wording clear. Below is an example of a more egregious attempt.

In this example, a staff member at Saxons IT received this scam email to their inbox. It was flagged as “to be reviewed” by our spam system. To begin with, this email has come from an unrecognised email address, with no relation to Microsoft. Additionally, the “TradeMark” at the bottom of the email is bazar, as Microsoft would have their own business details there, not the details of the company being emailed. Furthermore, the email layout itself is crude. The “Microsoft” logo is just a 2×2 table with the colours filled in (not the official Microsoft colours), which is why it looks stretched out as the table width is set to fill the screen. The font and layout are an additional giveaway. But remember, Microsoft never sends password reset emails, so that is your biggest giveaway!

 

2. Fake remittance advice and Invoice emails

There has been an increase in fake remittance advice and invoice scams. These scam emails have cybercriminals pose as a real company, with a “remittance” or “invoice” attached. This attachment usually hides a link to a virus or other malicious item. In the below example, a scammer is attempting to impersonate the accounts department of a popular New Zealand freight company.

Highlighted in yellow, Outlook displays where the email actually came from. The “From” email was a spoof of the freight companies. You’ll also see that the attachment is actually a link, which usually contains malware or leads to a scam page. The spelling and grammar in this email are poor – “remittance advise“. Additionally, the “%” around words tends to indicate that the scammer intended to have the words between auto-filled with relevant information, but was unsuccessful in this case. But, the biggest giveaway that this was a scam to our finance team was… We have never interacted with this company before! But, in remittance scams, this is not always the case. If you are ever unsure about an email you have received from a vendor or client, reach out directly to a trusted contact via phone call to discuss further.

Here is an example of a fake invoice email scam, from the same scammer:

 

3. Fake voicemail notifications scams

Fake voicemail notification scam emails have been prevalent over the past couple of years. They prey on a business professional’s urgency to tend to a possible missed call. Interacting with these emails can lead to inadvertently compromising personal or corporate security.

These email scams work by mimicking the legitimate voicemail notifications some companies have set up. This is where voicemails are sent to an employee’s email, allowing them to listen to the recording. The fake voicemail notification scams aim to lure recipients into clicking malicious links or downloading infected attachments.

Sometimes, the from email may even be your or another business email – this was the case in the example below. But, in this occurance, it was an act of domain impersonation and not the email itself being compromised. Most email applications will display what type of file is attached. Here you can see that it is a link – but when in doubt, always remember to hover before you click. This means that before clicking on any links or attachments, hover your mouse over them to preview the destination.

 

In conclusion, awareness is the first line of defense against email scams. By staying vigilant and informed, businesses can reduce the risk of falling victim to deceptive email practices and protect themselves from cybercriminals.

Share this post on...
Facebook
Twitter
LinkedIn

LATEST POSTS

digital hygiene
Tech

Digital Hygiene Tips

Keeping good digital hygiene is an important aspect of being online. Below are 5 tips to keep in mind. 5 Tips for Good Digital Hygiene

Read More »

We provide a comprehensive range of IT solutions for Australian businesses

continuity

Business Continuity

Business Continuity is the planned process employed by companies to re-instate their business process. It details the procedures acted upon to ensure the continuance of essential functions during and post event.

connectivity

Business Connectivity

Business Connectivity is the underlying framework including applications designed to keep your business talking. It allows for fluid communication between project teams, clients and management.

mobility

Business Mobility

Business Mobility is the practice of IT strategy supporting work on any device or in any location. It allows for work to continue on the go, while reducing costs and promoting more open corporate culture.

relocation

Business Relocation

Business Relocation is the planning and implementation of new site operations. It allows for the seamless IT operation of new offices with zero downtime.

scalable

Scalable Solutions

Scalable IT Solutions allow you to only pay for what you use, with the ability to rapidly increase your resources in response to business growth or other changes.

security

IT Security

IT Security protects your data, business processes and IP from threats and intrusions, in a secure, enterprise-grade computing environment.