June 16, 2021

Limit Your Exposure to Email Phishing Scams

Since the start of the COVID-19 pandemic, there have been over 6,311 reported cases of fraud perpetrated against Atlanta individuals, families, and businesses. The primary communication method used to identify, manipulate, and extract financial information was email. The tactic, commonly referred to as a phishing attack, occurs when scammers (bad actors) attempt to solicit personal financial or other information by posing as a trustworthy organization or individual. In many cases, the emails appear to come from banks, credit card companies, the IRS, a known individual within the organization, or a known vendor requesting account information needed to resolve an issue currently under investigation. Recipients are tricked into believing they are responding to a valid request to transfer money from a known and recognized source. Unfortunately, the scammers’ e-mails appear to have the same e-mail addresses as the known and trusted sources.

As a result, money is transferred to the scammer, and it may not be recoverable if it has already left the bank account, the bank cannot recover it, and the Company does not hold insurance covering this type of cybercrime. The key to avoiding phishing scams is knowing how to identify the signs of an attack and the follow-up steps to take should an individual or Company become a victim. To help clients, prospects, and others, Wilson Lewis has provided a summary of the key details below.

Common Indicators of a Phishing Attack

  • Recognized e-mails but Unusual or Rushed Requests – E-mails appear to come from a superior or someone else with authority inside your own company, asking you to send money or mail a check immediately or quickly to a bank account that you don’t already have saved as a regular account. Any e-mail asking you to send money is a red flag that should be followed up on before any money is sent. Don’t hit reply on these e-mails to follow up. Start a new e-mail to the person you recognize, using the e-mail address you have saved, to verify that they sent this request and that it is something they are asking you to do. Scammers can make an e-mail appear to come from anyone’s e-mail address; you have to dig deep into the IT code properties of the e-mail to identify the true sender. It’s ALWAYS better to just verify the request, using a new e-mail, before the money is sent anywhere.
  • Unusual Sender Email – Since the purpose of a phishing attack is to appear as if a request is coming from a legitimate source, bad actors will attempt to imitate a legitimate business. In many cases, the sender’s email address will closely resemble one from a reputable company but have a few characters missing or rearranged.
  • Generic Greetings – Oftentimes scammers will use generic greetings such as “Esteemed Customer” and fail to include specific contact information in the signature section of the email. Most trusted businesses will typically address customers by name and provide detailed contact information.
  • Poor Spelling & Layout – Professional businesses and organizations do not send emails laced with spelling errors, grammatical issues, or poor layouts. When an email appears that contains several errors and issues, it is often a sign it is not authentic communication. Remember that businesses have resources assigned to ensuring the quality of customer communication.
  • Suspicious Attachments – Unexpected emails that ask the receiver to download and open an attachment are a common tactic used to deliver malware. In many cases, the bad actor will attempt to create a false sense of urgency to persuade the recipient to immediately download the file and act, leaving little time to think about the consequences.
  • Spoofed Hyperlinks – These are hyperlinks that do not take the user to the correct website. Bad actors will include links to malicious websites that have domain names with a variation in spelling or a different domain extension (dot net versus dot com). Finally, it is also common to use link shortening services to further conceal the malicious website’s URL.
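
The sender and hyperlink indicators above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the trusted domain, the shortener list, and the sample message are constructed assumptions, and the link pattern is deliberately simple.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"acmebank.example"}           # assumption: domains you really deal with
SHORTENERS = {"bit.ly", "tinyurl.com"}   # assumption: short sample list
# Constructed sample message (not a real e-mail)
SAMPLE = """From: Accounts <billing@acmebnak.example>
Reply-To: pay@mailbox.test
Content-Type: text/html

Esteemed Customer, <a href="http://acmebank.test/pay">https://acmebank.example/pay</a>
<a href="https://bit.ly/x1">invoice</a>
"""
# Simple pattern for this example: <a ... href="URL" ...>visible text</a>
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def indicators(raw):
    """Return the phishing indicators found in one raw e-mail."""
    msg = message_from_string(raw)
    frm, found = domain(msg["From"]), []
    # Replies or bounces routed to a different domain than the visible sender
    for hdr in ("Reply-To", "Return-Path"):
        d = domain(msg[hdr])
        if d and d != frm:
            found.append(f"{hdr} domain {d} differs from From domain {frm}")
    # Sender domain that is a near-miss spelling of a trusted domain
    for t in TRUSTED:
        if frm != t and difflib.SequenceMatcher(None, frm, t).ratio() >= 0.85:
            found.append(f"From domain {frm} resembles {t}")
    # Links whose visible text names one site while the target is another
    for href, text in LINK.findall(msg.get_payload()):
        host = (urlparse(href).hostname or "").lower()
        shown = (urlparse(text.strip()).hostname or "").lower()
        if host in SHORTENERS:
            found.append(f"shortened link via {host}")
        if shown and shown != host:
            found.append(f"link text shows {shown} but goes to {host}")
    return found

if __name__ == "__main__":
    for finding in indicators(SAMPLE):
        print(finding)
```

A clean result does not prove a message is genuine, since the visible From address itself can be forged; verifying the request through a separately started e-mail still applies.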

Limiting Exposure

Sometimes, despite best efforts, individuals fall victim to these scams and reveal personal financial and other information that can be used for fraudulent purposes. If there is concern about having fallen victim, immediately take the following steps:

  • Change Passwords – If information about passwords was revealed, then it is important to change them to prevent further access. Since many people use the same passwords or similar variations across multiple accounts, it is necessary to review and update other information as well.
  • Financial Accounts – If credit card, debit card, or bank account information was shared then it is important to immediately contact the financial institution and let them know about the situation. Oftentimes, it will be necessary to close impacted accounts and open new ones with completely different account numbers to prevent unauthorized access. Many credit card companies will follow the same procedure but allow cardholders to contest unauthorized purchases.
  • Notify Credit Reporting Agency – It is also a good idea to notify the major credit reporting agencies that credit card and financial account information has been compromised. Finally, it also makes sense to review recent credit reports to ensure unauthorized lines of credit and new credit cards have not been received.
  • Report the Fraud – It is important to report the event to let the authorities know about what happened and the specific details. At a minimum, report the scam to the Federal Trade Commission and other local agencies as well.
  • Cybercrime Insurance – Make sure your insurance policy covers you for cybercrime, so that if something unfortunate happens and the bank can’t recover the funds, your insurance company will reimburse you for the lost money.

Contact Us

Taking a little extra time before opening a suspicious email or sharing sensitive financial information can help to prevent becoming a victim. When there is a doubt about the legitimacy of an email, then it is best to contact the sender organization to ensure the request is valid. If you have questions about the information outlined above or need assistance with another tax or accounting issue, Wilson Lewis can help. For additional information call us at 770-476-1004 or click here to contact us. We look forward to speaking with you soon. 

Erin Carter, CPA, CA, CFE, MBA
