The intelligence of today’s cybercriminals is unfortunately proving to work and is catching us out. Some emails now appear to be from someone you already know – an existing contact, but actually, they are an intelligent spoof. This is a very common way these criminals tempt us to click into the malicious email. Hackers do know that we are more inclined to click on emails if they are from somebody who we trust, and will use almost exact fake email addresses. Below is a quick made up example of how similar these may be:
Real: [email protected]
Fake: [email protected]waliscargo.com
Spot the difference? The ‘walliscargo’ is simply missing one ‘l’. If you’re checking emails quickly, it’s highly likely that you wouldn’t even notice this tiny difference.
Sometimes, the hackers can use your internal email addresses to appear in the ‘from’ box. There may not even be an error to spot here so check for tell-tale signs such as email signatures and check if the email is being vague with details.
TIP: Many business email compromise attacks pretend to be senior executives such as your CEO or COO.