There are over 87,000 reported email scams annually. Here’s how to protect your business.

Tuesday 6 December, 2016

Beware, email scammers are out to get you. They’re clever, resourceful, sneaky and highly motivated to line their own pockets. They have no conscience and they’re constantly looking for the easy win.

Email scams are big business. People make a living out of ripping off businesses, infiltrating the inner sanctum through emails. The trouble is most of us have no idea how to protect ourselves. We leave the proverbial front door wide open, thinking our email security measures will keep scammers at bay.

According to IT and online security expert John Boggon, from Stalient Systems, most have no idea how to protect themselves. He says people think email is bulletproof and practice the head in the sand approach. “There is no guarantee what you send will arrive into the right inbox or the contents will be the same. Because we think email is safe, we do not have any security measures in place,” he said.

“Most people only use one layer of security; typically, the program that came with their computer. The scammers are smarter. They know how to get through your defences, because what most people use is flimsy.”

Stop. Think about the times you’ve sent an email and the receiver tells you they never got it. You scratch your head, wondering where it ended up. Surely it is as simple as pushing send? 

“No,” says Boggon. “Sending an email does not guarantee delivery. When you press send, there is no promise the other person will see the email. There are no checks and balances or authentication protocols in place to check the email you receive or send. There is no real way of knowing the person who sent it is who they say they are. Emails are easy to forge. There are people out there who are master impersonators; they mimic your account details, change your content and intercept your emails, hoping to capture personal info or send programs to get the information they want.”

What? You mean the emails I receive every day may not be the original? Is nothing sacred? This leaves thousands of people open to having their system hacked, files held to ransom, identities stolen and bank accounts emptied. No one is safe.

What have I done

Last year, over 87,000 people reported scams to the ATO. PayPal is a favourite of scammers. Telstra customers have been targeted. Even Pokémon Go users are being attacked.
You might be familiar with these types of scams.

  1. Typical email scam – Dating site, or a long-lost uncle has died leaving you millions and someone needs your help to get the money out of the country.
  2. Phishing – A scammer sends millions of emails; all they need is a dozen people to be tricked into running an application or program accessible via an attachment or link. When the program runs, the scammer has full access to your computer, capturing keystrokes such as usernames and passwords. Ransomware is a version of this scam – you are tricked into installing a program, which encrypts your files. You receive an email asking for $1000 to decrypt YOUR files. These scammers even have a 24-hour help desk to assist you to pay your ransom.
  3. Whaling – The scammer targets senior management of an organisation, tricking them into transferring big bucks into an account. These scammers are highly motivated (spending a lot of time researching the company) because of the big financial gain. They register a similar but slightly different name and then insert themselves into the conversation.

There are three major flaws in email security scammers take advantage of on their mission to defraud you.

  1. No authentication – no guarantee the email came from your contact.
  2. No guaranteed delivery – your email can get lost in transit.
  3. No encryption or security – emails are sent in clear text, which is easy to intercept.

How do you protect yourself against these insidious people attacking your business?

It boils down to email security and these four steps:

  1. Vigilance – Be suspicious of every email you get – do not trust emails you receive even from people you know. Check the sender’s domain – look for misspelling or extra characters. If you are not sure, DON’T OPEN.
  2. Layered security – Gmail and Office 365 have it built in, but you need more than one layer. Use MailGuard or SpamTitan on top of your antivirus program. Boggon suggests thinking of your computer like a castle with multiple layers of protection – a moat, high walls and the keep, all designed to slow attackers.
  3. Education – Know what the threats are – set up a Google Alert to monitor for news stories. Check Scamwatch regularly.
  4. Unsure? – Engage the services of someone who knows.
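
The domain check in step 1 can be partly automated. The Python below is an added example, not from the original article or anyone quoted in it: it reads the From header of a message and flags sender domains that are a misspelling of, or have extra characters around, a domain you already deal with. The trusted domain, the sample messages and the function names are all made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your business really deals with (constructed names).
TRUSTED_DOMAINS = {"acmewidgets.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(raw_message):
    """Lower-cased domain of the From: address, or '' if there is none."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify_sender(raw_message, max_distance=2):
    """Return 'known', 'lookalike', 'unknown' or 'no-sender'."""
    domain = sender_domain(raw_message)
    if not domain:
        return "no-sender"
    if domain in TRUSTED_DOMAINS:
        # The text matches, but From: can be forged, so this is not proof.
        return "known"
    for good in TRUSTED_DOMAINS:
        name = good.split(".")[0]
        # Misspelling: a few characters away from a domain you know.
        # Extra characters: the known name buried inside a longer domain.
        if edit_distance(domain, good) <= max_distance or name in domain:
            return "lookalike"
    return "unknown"

# Constructed sample messages, not real mail.
SAMPLES = {
    "genuine": 'From: "Accounts" <accounts@acmewidgets.example>\nSubject: Invoice\n\nHi',
    "misspelt": 'From: "Accounts" <accounts@acrnewidgets.example>\nSubject: Invoice\n\nHi',
    "padded": 'From: "CEO" <ceo@acmewidgets-payments.example>\nSubject: Urgent\n\nHi',
    "other": "From: news@newsletter.invalid\nSubject: Weekly update\n\nHi",
    "blank": "Subject: no sender header\n\nHi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_domain(raw) or "-", classify_sender(raw))
```

The "misspelt" sample swaps the letter m for r and n, which looks almost identical on screen; the check catches it because the domain is only two characters away from the real one.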

While it is nice to believe in rainbows, unicorns and that all people are nice, it is a sad reflection on the online world that there are people out to cause you and your business pain. By taking some simple measures, you can ensure your bank account, identity and reputation remain intact. A quick search of Google reveals the volume of people who are impacted by scammers every day. So do not believe it won’t happen to you. It is just a matter of when.




About the contributor: Annette Densham


From her first foray into the world of journalism at 15, Annette Densham was hooked on storytelling with purpose. A weaver of words and a hoarder of knowledge, Annette has written copy for websites, speeches, marketing and presentations and topics from forklifts to tax, to theatre lights and sport, to senior issues and health … she knows what makes news. With a 30 plus year career in newspapers, magazines and corporate communications, this ex journo now uses her skills to teach small business folks how to use their stories to connect with the world.


