How to avoid email scams in the workplaceLast month the southeastern Minnesota SCORE Chapter and the Small Business Development Center sponsored a workshop on cyber security for the small-business owner. It was a wonderful, practical experience for owners who want to protect their data and gave them some specific homework to begin working on the task.
By: Dean Swanson, The Republican Eagle
Last month the southeastern Minnesota SCORE Chapter and the Small Business Development Center sponsored a workshop on cyber security for the small-business owner. It was a wonderful, practical experience for owners who want to protect their data and gave them some specific homework to begin working on the task.
Two of the attendees and another SCORE client later contacted me and asked for more details about understanding how to tell if an email is a fake or not. At the workshop, the presenter had suggested that if you don’t know the sender, don’t open and also be careful because it can be a stolen name and look like a person you know. Some look so real and some even have a recognizable logo so it makes it difficult.
How can you tell if it is a fake?
There really are a few things you should know to keep you out of trouble and one of the most important and easiest to do is to understand web addresses.
A large number of scams involve tricking you into visiting a malicious website and many of them are easy to spot. A resource that I went to for some suggestions on this is Gary Braley, who is a technology consultant to small businesses. His first comment is that email and web addresses up to the “.com/” part is what matters and he said people should start here.
“There was a time when fraudulent messages were so phony they were easy to spot — not anymore,” he said. “ I’m going to show you three real messages I received and how I determined they were all fakes. In every case, I looked at the two or three characters preceding the first slash; this is called the top level domain (TLD). The IRS for example would likely have a TLD of .gov.”
To see a complete listing of TLDs including generic ones (.US, .GOV, EDU) and country codes (.US, .CA, etc.) go to http://www.iana.org/domains/root/db.
Here are Braley’s examples that he got recently including his comments about spotting a fake:
This example appears to let you see your credit scores.
Friday, May 4, 2012
____View your-scores from all three-credit-bureaus__
http://critical.protectyouridentitytoday.in/13269635289474422631174596eeac4277e3f (the TLD is .in so it is registered in India)
This example requests information about a job application.
Dear job applicant
Thank you for submitting your information for open work opportunities.
We look forward to reviewing your application, but cannot do so until you complete our internal application.
The pay range for open openings range from $35.77/hr to $57.62 /hr.
Before you are being considered, we will first have you to formally apply.
Please go here to begin the process:
http://ur1.ca/95vkg (.ca is a site registered in Canada)
Please take the time to follow the directions and complete the complete
Yours truly, Tod Acosta
This example is probably the scariest one since it looks like a tax problem.
(Big official IRS Logo at the top)
Sent from email address IRS@Gov.US (email return addresses are easily faked)
This is to Inform you the Internal Revenue Service (IRS) is conducting a new Intelligent Citizen online tax payers personal Information and Profile update that has just being Initiated by the united states government (Uncle Sam) for those who are regular tax payers to file for their tax returns. Please pay attention, that IRS [Section 6038(b)(1)]assigns a money penalty to the amount of $10,000 for each [Form 5471] that is sent later than the due date of the income tax returne, or does not comprise the thorough information described in [Section 6038(a)].
You we be released from the penalty if the taxpayer shows that the failure to meet the deadline for filling was caused by substantial reasons.
Please use the link below to enter our official site and obtain more information.
Internal Revenue Service United States
Department of the Treasury
Braley comments “You cannot tell by looking at the link address but if you copy and paste it into your browser address bar, it takes you to a site called Game Gavel.com — not quite where you’d expect to go for IRS info.”
My suggestion to small businesses is to always be on guard for fakes over the internet and email.
Dean L. Swanson is a volunteer mentor and southeastern Minnesota district director for SCORE.