Current E-Mail Scams to Keep an Eye Out For

Phishing attacks are a serious threat to businesses: 75% of organisations from all over the globe experienced such an attack in 2020. Current e-mail scams take many forms, and it isn’t just high-profile attacks that employees and employers need to be aware of. E-mail scams connected to phishing, such as spearphishing emails, are increasingly a threat to companies’ data and operations, but other attacks include spam, malware, data exfiltration, and impersonation. Connected Platforms provides IT support Brisbane wide, and we’ve assembled this blog to help increase your awareness and understanding of current e-mail scams so that you can prevent them from happening.

Phishing

The most common of all e-mail scams, phishing attacks lure users into believing a message comes from a trusted source and entice them to reveal sensitive information, wire money, or log in to an account for the attacker. Phishing attacks come in a variety of forms and include spearphishing emails, e-mail spoofing and business email compromise schemes.

Spearphishing

A spearphishing email is an attempt to steal sensitive information from you or a company and includes business email compromise (BEC) scams such as CEO fraud or false invoice scams.

E-mail spoofing

These current e-mail scams revolve around impersonating trusted sources and mimicking organisations that victims trust. Major attacks have seen scammers pretend to be PayPal, Amazon, and FedEx, which makes it easy to trick staff into opening the compromised email.

Business email compromise schemes (BEC)

These types of e-mail scams are a variant of the spearphishing email and are widely used, so much so that 65% of organisations reported facing this type of threat in 2020. The three most common current e-mail scams in this category are:

  • CEO Fraud – Where attackers pose as a CEO and trick employees into revealing information.
  • Account Compromise – When criminals take over an account and begin requesting invoice payments.
  • False Invoice Scams – Based around social engineering and e-mail spoofing, this type of fraud is aimed at an organisation’s financial department.

Spam

Unsolicited and high-volume, this type of threat is sent en masse and is commonly referred to as junk email. Spam can perpetuate scams and fraud while often looking like it has been sent by a popular commercial brand. It baits victims into revealing credit card information or other sensitive personal details.

Malware

Malware is software designed to damage technical resources, interrupt operations, extract data or access sites remotely. It is often distributed by an email attachment or a URL linked to harmful content. Malware comes in many forms, such as viruses, worms and ransomware.

Data exfiltration

These attacks happen, accidentally or intentionally, when data is taken or copied from a device without the owner’s approval. This can be achieved by using physical access to a computer and by using harmful programs on a network or the internet. Also known as data theft or data leakage, it commonly results from human error.

Impersonation

A broad style of attack that encompasses scammers pretending to be a person, organisation, or service and is frequently connected with phishing.

  • Domain impersonation – Subtle and tricky, this style of attack occurs when hackers impersonate a domain. For example, if an attacker were pretending to be thankyou.com they may use thankyu.com as the URL.
  • Brand impersonation – Crafted to act as a company or brand, this type of attack tricks the victim into disclosing personal information. Attackers can attempt to imitate a service offered by companies or pretend to be an employee of the organisation.

Searching for more security?

Connected Platforms offers small business IT support Brisbane wide and is happy to help protect and secure your information. Please connect with us on 07 3063 6932 or request a FREE IT Health Check. Our managed IT services Brisbane team will work with you to provide efficient and effective IT solutions.

More blog posts

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.
Why?
Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.
Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.
A compromised password can lead to big issues, such as:
• Data breaches
• Financial losses
• Identity theft
• Reputation damage
But how do you create strong passwords without driving yourself (and your team) mad?
Think of your password like a secret recipe, where only you should know the ingredients. It should:
• Be at least 14 characters long (the longer, the better)
• Include a mix of uppercase and lowercase letters
• Contain a few numbers and symbols (like @, $, %, or &)
• Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)
Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.
You should also steer clear of these common mistakes:
• Using personal info (your name, birthday, business name, etc.)
• Reusing the same passwords across multiple accounts
• Using simple sequences (“123456” or “abcdef”)
• Storing passwords in an easily accessible place (like a sticky note on your desk)
If remembering unique passwords for every account sounds impossible, there is another option: Password managers. These generate strong passwords, store them securely and autofill them for you.
With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.
Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.
If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:
• Unique passwords for each system and account
• Regular security training on password best practices
• Business-wide use of MFA for critical systems
• Scanning for compromised passwords regularly
By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.
And if you need help making your business more secure, get in touch.

Beware these common ‘malvertising’ attacks

Ever clicked an online ad and wondered afterwards if it was a scam? Most of us have – and cyber criminals want us to keep doing it. Here’s what to look out for to stop your business’s data (and profits) falling into the wrong hands…