Four Types of Email Cons Using Social Engineering

Netgain | Cybersecurity & Compliance, Financial IT, Healthcare IT

Social engineering is the psychological manipulation of people to get them to perform actions or divulge confidential information, and it is a major security issue. For centuries, con artists have used this method to gather confidential information for criminal use. In the modern world, the con artist has additional tactics, including the installation of malware.

Email has made the con artist’s job much easier. This article discusses four different types of email cons that individuals must be wary of.

  1. Email coming from a credible-looking address
    Many attacks display a “from” email address that looks legitimate. This is commonly used with companies such as FedEx or UPS as the sender. To avoid disaster, if you receive an email with a tracking number, never click on the link or open the attachment that the email provides. It’s always best to copy the tracking number and go to the website directly.
  2. “From” name is correct but the “From” address is hidden
    It becomes more difficult to detect whether an email came from a con artist when the email address is not shown. If the email is asking you to do something, call the person who sent the email to confirm the email actually came from them. Never click on the link or open the attachment that the email provides if the email has a hidden address.
  3. “From” name is correct but the “From” address is wrong
    One method to motivate a recipient to do something is to get them to think that the email is from their boss or the CEO. The email will show the contact’s name, but a close look reveals that the email address behind the name is wrong. In this situation, you’ll again want to call the actual person to confirm they sent the email. Unless you get confirmation from the contact, never click on the link or open the attachment that the email provides.
  4. “From” name is correct and the “From” address is correct
    Sometimes the con artist’s email even shows the correct email address. However, upon clicking reply, the email address changes to one controlled by the attacker. Again, always confirm requests by calling the person first before clicking on the link or opening the attachment that the email provides.
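
The third and fourth cons leave traces in the message headers that can be checked mechanically. The following Python check is an added example, not part of the original article: it flags a known display name paired with the wrong address and a Reply-To that differs from the From address. The contact directory, the sample messages and the helper name `check_headers` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known senders: display name -> genuine address.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}

# Constructed sample messages (headers plus a one-line body).
SAMPLE_WRONG_ADDRESS = (
    "From: Jane Doe <jane.doe@examp1e-mail.test>\n"
    "Subject: Urgent wire transfer\n\nPlease send it today.\n"
)
SAMPLE_REPLY_REDIRECT = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Reply-To: Jane Doe <jane.doe@attacker.test>\n"
    "Subject: W-2 forms\n\nPlease reply with the W-2 forms.\n"
)
SAMPLE_GENUINE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Lunch\n\nSee you at noon.\n"
)


def check_headers(raw, contacts=KNOWN_CONTACTS):
    """Return the list of findings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    findings = []
    # Con 3: the display name is a known contact, but the address is not theirs.
    expected = contacts.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("name-address-mismatch")
    # Con 4: a reply would go to a different address than the one displayed.
    if reply_to and reply_to != addr:
        findings.append("reply-to-differs")
    return findings


if __name__ == "__main__":
    for label, raw in [("wrong address", SAMPLE_WRONG_ADDRESS),
                       ("reply redirect", SAMPLE_REPLY_REDIRECT),
                       ("genuine", SAMPLE_GENUINE)]:
        print(label, "->", check_headers(raw) or "no findings")
```

A differing Reply-To also appears in legitimate mail such as mailing lists, so a finding is a prompt to confirm by phone rather than proof of fraud.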

There are several common requests con artists make of recipients. These include asking the recipient to send a wire transfer to an account, requesting the recipient’s W-2 forms, or including links and attachments to click or open. Following through on the con artist’s requests can have major consequences. It could open up your device to malware installation or, worse, lead to the loss of money through tax refund fraud.

Final Thoughts

Email is an amazing tool; unfortunately, it is easily forged. It’s important to understand that con artists are out there, and that you simply cannot rely on the validity of the displayed “From” address. This is especially true when the person is asking for confidential information, or includes links or attachments. As humans, we are naturally trusting beings, but there are some people who will take advantage of that trust any way they can. Be cautious, be careful, and don’t click too quickly.