Email is one of the most common means of communication in private and professional life. Despite all its advantages, it requires some precautions for use, both when sending and receiving messages. This article sheds light on the most common forms of fraud. In general, the right reflexes should be adopted. Mail servers must also be properly protected.
The most well-known scams use email as a “crime weapon” or as “bait”. They also use social engineering methods to hit their target. Human vulnerabilities are widely exploited.
There are several types of advance fee fraud. The “Nigerian” scam is the best known. It is very simple and effective as the criminals spread it by email. This type of scam seeks to exploit our greed. Usually, a stranger asks you to help them by making a money transfer … And offers you a big reward in exchange for your help. This scam is called “Nigerian” because it comes from Nigeria.
Other frequent variants of advance fee fraud include, for example, dangling lottery winnings or exceptional offers to bait victims.
These messages are harmless until they are answered. However, as soon as you give any type of response, you will be told that your win is within reach but you must pay a “processing fee” or legal fees before receiving your prize.
Phishing is a widely used technique for stealing the username and password of a legitimate user. Phishing very often uses fear of a virtual threat and urges the victim to act quickly. This is largely due to the fact that the infrastructure used by phishing users does not usually stay in place for long because the police or the host stop it as soon as the illegal activities are discovered.
Examine emails with a critical eye. Be wary when:
These false requests exploit victims’ feelings of compassion or fears. The best known are fake call-backs, fake requests for help or CEO scams.
These messages are harmless until they are answered. However, once you answer the email, you will be harassed.
You are a victim:
If you have been the victim of such an attack, the CIRCL (Computer Incident Response Centre Luxembourg) recommends the following actions: