IT Warning - Email Fraud

What is an email fraud?

Email fraud is the intentional deception made for personal gain or to damage another individual through email. The number of business email compromise cases, in which cyber criminals request wire transfers in emails that look like they are from senior corporate executives or business suppliers who regularly request payments, almost doubled from May to December of last year, rising to 40,203 from 22,143, the FBI said. (Reuters – http://www.reuters.com/article/us-cyber-fraud-email-idUSKBN1811QH FBI - https://www.fbi.gov/news/stories/business-e-mail-compromise)

Easy to understand video - https://www.youtube.com/watch?v=sxybmE1rrZg 

Fight against them

How to protect myself?

1. Check the email subject, some of them have a [SPAM] tag which is the result of our protection mechanism. Pay more attention to them.
2. If the emails involve financial information (bank transfer, bank account, etc.), password, or any personal or sensitive information, it is always best to step back and verify the sender by alternate verified method e.g. ask the sender in person or by a phone call.
3. Do not click the links in suspicious emails e.g. to help a poor girl, to do an online investment, you won an iPhone 7 plus, etc. Always bear in mind there is NO free stuff or quick way to get rich, everyone needs to work hard.
4. Use the good enough email clients. For example, Microsoft Outlook on PC, Outlook Web App, Outlook/OWA app on iOS/Android offers the corporate people photos to help verify the internal senders in a quick and obvious way. Refer to the attached screenshots (Real-and-Fake-CEO.png), who would you believe he is our real CEO?

1. Outlook Web App (OWA) – https://portal.office.com
2. Outlook app – iOS https://itunes.apple.com/us/app/microsoft-outlook-email-and-calendar/id951937596 Android https://play.google.com/store/apps/details?id=com.microsoft.office.outlook
3. OWA app – iOS https://itunes.apple.com/us/app/owa-for-iphone/id659503543 Android https://play.google.com/store/apps/details?id=com.microsoft.exchange.mowa 

What actions needed if I receive a fraudulent email?

1. NEVER respond to them.
2. Forward it as an attachment to CyberSecurity@rmagroup.net. This can be done by click “Forward as Attachment” button or drag and drop into the new email (refer to Forward-as-Attachment.png).