Tips to Avoid Email Scams

The invention of email, has brought yet another way for scammers to trick users into giving out their personal information and even worse, their money.  It is important when running your business in this digital age, to understand how email scams work, and how to look out for them, so you can protect your assets.​

Some Types of Email Scams​
Fake Emails from the IRD and Banks
Especially around this time of year, when the IRD is processing annual tax summaries and refunding overpaid tax, one of the types of email scams you can receive are fake emails posing as the IRD or your bank.  These emails can be quite dangerous as users falling for these scams are potentially giving full access to their bank accounts, to a complete stranger.  Fake emails will almost always include a picture of the IRD or bank logo, and will look fairly legitimate.  The only thing is, both the IRD and all New Zealand banks will never communicate important financial information with you via email.

IRD have gone one step further and have a built in secure mail service available only from their official* website.  Any email you receive from the IRD will only be to notify you of an incoming alert or message.  You must log into the site to access the contents of that alert or message.  IRD will never ask you for any details via standard email.

New Zealand banks take a similar approach to IRD with most of them sharing alerts to you via your online banking app only.  They may email you from time to time with general information on their services, but any issues that may arise with your day to day banking will result in a phone call from your bank, not an email.
Banks will not link to their online banking app in any emails, and will never ask for your login details at any time.

Bogus Website Enquiries
A more recent type of email scam comes from enquiries from your website.  Scammers posing as potential clients can use your web form to contact you, expressing supposed interest in your services.  These emails are particularly prevalent in the sale online digital services, and involve stolen credit cards being used to pay for your services.  The scammer will engage in your services, ask to pay you a big deposit and then mention that they would like you to forward some of the payment to a third party who also happens to be collaborating on the project.  Once the credit card is reported as stolen, the bank will reverse the payment at your end, and you will be out of pocket for the amount you transferred to the third party.

One of the biggest clue that you are possibly being scammed is, the email sender will tell you they aren’t contactable by phone, and will not give many details, but they will want to work quickly because they are on some kind of time restriction. ​ If at any time a potential client is seemingly withholding any details about themselves, you should be weary.

Malicious Microsoft Office Attachments
The most common type of email scam right now, is one that involves phishing for your Microsoft account details. 

This type of email will appear to come from someone you know, and will have an attachment.  When clicking on the attachment, you will be taken to a realistic looking Microsoft site and asked to log in to your Microsoft Account to view.   Once you enter your email and password, the scammer immediately have access to your email account and will proceed to send the same email out to all of your contacts and other people you have sent email to, allowing them to send the same fake attachment to all of those people too.  They will also be free to send out fake invoices to your clients, posing as you, with their bank account details for payment.

Phishing noun
The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Microsoft has helped combat this by offering Advanced Threat Protection as an add on to their business subscriptions.  ATP is fairly good at picking up emails with unsafe attachments and quarantining them before they reach you.

IS THE EMAIL FAKE?  Here are some hints:
​
​Does the sender's address seem a little odd?
Instead of the sender having an clean, official email address such as name@company.co.nz, a scam email may be something like "name.company@somethingodd.com".  It is also not unusual for scammers to use gmail or other free online email accounts to send out scam emails, as these accounts are free and easy to quickly create.

Does the email address you by name?
​Any emails beginning with "Hi Customer" are most definitely a scam.  If the email doesn't include any information to prove they actually know you, it should be treated with suspicion.

How does the email read?
If the grammar, language and spelling seem a bit off, there is a high chance the email is not genuine.  Due to language barriers and the limitations of online translating applications, emails sent from a foreign scammer are generally quite easy to spot.

Are you being asked to act quickly?
Nothing is too important to neglect the necessary preparation when closing a deal.  You should know as much as you can about who you are working with, or who you are helping.  If someone is pressuring you to act quickly, for whatever reason, you should be cautious.

Are they saying they cannot be contacted by phone?
A very common excuse that scammers use is that they cannot be contacted by phone because they are hard of hearing.  If you are dealing with a person that refuses to communicate in any way other than by email, it is likely to be a scammer.

Does the email contain an attachment or invoice you are not expecting?
Never pay for something you weren't expecting without asking questions.  If you receive a surprise invoice, even if it is from someone you know, do not open it.  Give the sender a quick call to check that the email was legitimate.

What can you do?
It is important to stay vigilant with your email communications.  If you are ever concerned that the email you have received might not be genuine, there are a few things you should do:

• Call the company directly to confirm that they have sent you the email
• Google the company and see what their standard email addresses look like.  If the domain name of their standard email address matches what has been sent, then you will know it is legitimate.  To find out more about domain names, check out this blog post.
• Hover your mouse over any links to see where the link is taking you.  If it is not taking you to the company's normal web address, don't click on it.
• Ask for contact details for anyone who is asking to invest in your services.  If they can't at least give you a full name and contact number, refuse to deal with them.
• Don't open any attachments if you aren't expecting them, even if they are coming from a known sender.

It is most important to stay informed about the latest digital threats that can affect you and your business.  For more digital tips and tricks, and to stay in the loop with the Wright Way Fam, sign up to our newsletter right here.

*the official website for the Inland Revenue Department (IRD) can be found at ird.govt.nz