Spot Impostor Email Scams—at Work and Home
People around the world exchange about 205 billion emails, every day. Although many people read and respond to dozens of personal emails, the majority of total email traffic comes from the business world, where workers send and receive a daily average of more than 130 emails.
The vast majority of emails involve the legitimate exchange of information. But, as you know, if you look in your spam folder, many others cannot be trusted. And the really troubling issue these days is that your spam folder won’t catch today’s cleverest and most malicious email scams, including impostor emails.
Impostor Emails Pose Growing Threat
Right now we’re in the midst of a global spike in the number of spear-phishing email attacks, which are also called impostor emails. In these attacks, scam artists send misleading emails to businesspeople—most often the chief financial officer, but sometimes officials in human resources, finance, payroll, or other offices.
The impostor emails usually look authentic, especially at a glance. Often they even have a real executive’s name and address in the “From” field, although the reply-to address is false. Some scams even begin with a phone call inquiring about specific staff members to gather the information that is then used to create more convincing emails.
The legitimate-looking emails may ask for tax information, wire transfers, or payment on overdue accounts. And if recipients aren’t paying close attention, are in a hurry, or want to impress the executive who is supposedly sending the email, the results can be disastrous.
Several years ago, the FBI’s Internet Crime Complaint Center started tracking impostor emails. Since then, this type of scam has hit more than 17,000 companies worldwide and scammed victims out of more than $2.3 billion. And that’s not to mention the loss of sensitive data. In some instances, personal information for current employees was compromised, and lead to tax fraud.
How Can You Recognize Impostor Emails?
As scammers become more sophisticated in their methods, it is becoming increasingly difficult to recognize impostor emails. Be suspicious, however, if you receive a work email that:
- Requests unusual, private, or sensitive information
- Asks you to bypass normal approval channels
- Emphasizes the urgency of the request
- Wants you to issue a wire transfer or other immediate payment
Similar rules apply when you receive emails in your private account. If you receive an unsolicited email from a business—even one you’ve interacted with before—be wary. Don’t open attachments or click on links before thinking twice and trying to determine if the email is legitimate.
In addition, if you are ever approached via email to share private information such as your Social Security number or financial information such as your credit card number, don’t do it. Instead, call the business to verify the request.
At work and at home, email is an important part of many people’s daily lives, but that doesn’t mean it comes without risks. Slow down, read your emails carefully, and think before you act—all of which will help ensure you don’t become a victim of impostor emails and other email scams.
About IDX
We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.