Email fraud attacks 2018

Aug

 -What is email fraud?

Also called scams or business email compromise (BEC), it’s a kind of threats that target stealing your money and personal or organization information that gives the scammer the authority to access, as for example, your bank account, or deceiving you to simply send them an amount of money. And on the level of a company, scammers may attack a whole bank. Email Fraud is considered to be the top-rated risks attacking emails for the year 2018 and they are getting more and more sophisticated especially that this kind of threats does not include any links or attachments which make it more difficult to predict.

- Email fraud 2018 numbers:

      - 75% of organizations where targeted by email fraud attacks
      - 53% of organizations suffered from downtime
      - 33% of organizations suffered from money loss
      - 54.50% of threats was recorded in January 2018
      - 43.92% of the attacks are targeting payment systems category and
         18.25% for banks category.

-Email fraud common types:

-Phishing for data:
The most common fraud type is the phishing for data where the attacker pretends to be someone else, as for example your bank or a company that you have a business relationship with, asking you to update or revise your personal information or to pay them some amount of money for some agreed upon deals.

-Attractive false offers:
The fraud attack may come in the form of selling a product or a service offering an appealing deal, or offering a dream job opportunity under the title of “want to make a lot of money in short time and least effort?”.
In both cases, you will be required to fill a form with your personal information and purchasing data or your company sensitive information which will lead to a catastrophic loss.

-Fake Donations:
you may receive an email asking you to donate for a certain global case as an act of charity. This type usually appears after a natural disaster happens such as floods and earthquakes.

-Congratulations! You won the prize:
The fraud here comes in form of a congratulations email that you won a prize or a lottery and you are asked to fill your personal information including your bank account in order to transfer the money, or even pay an amount of amount to receive your gift.

Since your employees could put your system into risk then a very good education is essentially needed to raise the awareness against these types of emails.
Let me give you some tips on how to train your team against these emails:

-Organize training sessions where you can explain all types of fraud emails giving examples for each

-Be careful of the used subjects, attackers are using some sort of threating words to attract the user to open the message

-Point your employees to check and hover their mouse over a sent link to detect the real destination for it

-An email with just a link or an image is not a trusted email

-Ask your employees to immediately report to the IT department in case of any fraud emails received

WorldPosta Protection against Frauds

WorldPosta have a dedicated intelligent built-in protection system, consisting of multi-layers of filtering to prevent any suspicious unwanted messages to even reach your email system.
Let me discuss briefly some of these tools that protect you against all fraud types:

-SPF records: Sender Policy Framework, it’s an email authentication protocol or it’s also called as validation system that allows the domain name owner to define a list of IPs, only this list can send emails on behalf of this domain.
When an email is sent the email receiver start to try matching the IP received from the sender with the SPF records. If it matched any of the records, the email is sent successfully as intended otherwise the sent email fails the SPF test and may be rejected by the email receiver or marked as suspicious. In that way, no one can use your email to send any deceiving messages with your name and in turn, if you are the receiver you will be protected from receiving this fraud email.

-Sender ID: it’s an authentication method that compares the sender’s address with the IP address in order to make sure if he is authorized to send an email using that domain or if he is trying to send a fraud attack

-Reverse Domain Name Service (rDNS): it’s used to resolve IP address into domain name working as a spam filter so that if the IP address does not match the domain name the message will be blocked

-Domain keys identified Mail (DKIM): it’s also an authentication method to make sure that the domain name is not a spoofed one used to send fraud attacks

-Sandbox technique: it’s a technique used where messages are tested in a real-time spam analysis environment in order to predict and spot any suspicious contents.

All these techniques combined together can guarantee to block all kind of fraud attacks and prevent any potential harm.