As working digitally has become more prevalent over recent years, and even more so during the current pandemic, we face a threat we know all too well. Cybercrime has been a threat for as long as we have worked digitally, but over the years it has grown and become more sophisticated, so here are some pointers to help you spot the red flags that one might otherwise overlook.
Too many clients have been convinced to pay deposits into scammers’ accounts. The emails we have seen were all well written and have perfectly copied footers/signatures with photos of staff. The bank statements attached “proving” our banking details for the deposit (which is always requested in these emails) are stamped and look exactly the same as the real deal.
It is difficult to explain to clients that it is not our domain that is hacked, but the client’s. Gmail accounts are notoriously problematic.
Here are some handy tips to protect you when online:
How to identify a fake email (phishing)?
- Our emails are sent from the Greyvensteins domains. This means that emails from our Port Elizabeth office will end with @greyvensteins.co.za, emails from our Cape Town office will end with @greyvensteinsct.co.za, and emails from our Johannesburg office will end with @greyvensteinsjhb.co.za. Emails that do not come from one of these domains are not from our offices and are therefore potential phishing attempts.
- Characters in an email address that look suspicious – for example ‘ ’ being used to replace an ‘o’.
- Look out for edited logos, weird designs, mismatched fonts or stamps on documents that are clearly not the original stamp from the bank.
- Incorrect dates or dates that are nonsensical.
- False sense of urgency or push to click a link because of a security issue or information verification.
- An email from Greyvensteins Inc. will never include links to software updates or strange attachment formats – for example .exe. It will also never ask you to enable macros.
- The ‘To’ address contains multiple contacts with a similar attribute, like the same first letter or all email addresses from a different domain. Otherwise, the ‘To’ addresses look like a mailing list to which you would ordinarily belong, but the sender isn’t the authorised user of the mailing list.
- Hover over links to see where they lead before you click, and don’t follow them. If you have to confirm a request for action, do so via another method, using details you have on record.
How to identify scams?
- The promise of money in return for a favour or the promise of a large sum of money in return for you depositing a small sum of money.
- A request for your OTP (one-time pin) or password.
- A refund where they need access to your PC or online profiles to perform the refund.
- Notifications of lottery winnings or an inheritance from someone you may have never heard of.
- Request for credit card information.
- Unsolicited requests for personal information.
Check sender address
- Check that the sender address is the same address as the one on record (pay attention to replacements).
- When replying, check that your reply is being sent to the same e-mail address that is on the original email.
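The sender checks above can also be run automatically over a raw message. The following is an added example, not code from Greyvensteins: the function name, flag names, the zero-for-'o' rule and the sample messages are assumptions made for illustration, and only the three domains come from this page.

```python
from email import message_from_string
from email.utils import parseaddr

# The three sending domains this page lists for the firm's offices.
TRUSTED_DOMAINS = {
    "greyvensteins.co.za",
    "greyvensteinsct.co.za",
    "greyvensteinsjhb.co.za",
}

def _address(value):
    """Extract the bare, lower-cased address from a header value."""
    return parseaddr(str(value or ""))[1].strip().lower()

def check_sender(raw_message):
    """Return a list of red flags for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    sender = _address(msg["From"])
    reply_to = _address(msg["Reply-To"])
    domain = sender.rpartition("@")[2]
    flags = []
    if domain not in TRUSTED_DOMAINS:
        flags.append("untrusted-domain")
        # Digit zero standing in for the letter 'o' (assumed look-alike rule).
        if domain.replace("0", "o") in TRUSTED_DOMAINS:
            flags.append("lookalike-domain")
        # Non-ASCII or punycode labels can hide visually identical characters.
        if not domain.isascii() or "xn--" in domain:
            flags.append("non-ascii-domain")
    # A reply goes to Reply-To when present, so it must match the sender.
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample messages (not real mail).
GENUINE = "From: Accounts <accounts@greyvensteins.co.za>\nSubject: Statement\n\nBody\n"
SPOOFED = (
    "From: Accounts <accounts@greyvensteins.c0.za>\n"
    "Reply-To: accounts.greyvensteins@example.com\n"
    "Subject: Deposit\n\nBody\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_sender(raw))
```

An empty result only means the visible addresses match the ones on record. The From header itself can be forged, so payment requests should still be confirmed through another channel.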
The main distinguishing feature of scams is that they sound too good to be true, and the reality is they usually are. The key to avoiding scams and phishing emails is not to respond, but rather to alert your relevant IT professional.
If you are ever in doubt about whether an email is from us please contact our offices and we will happily verify the origin of the email.