Suspicious emails (Cybersecurity Awareness Month: Week 3)
18 October 2021
Most people are familiar with terms like phishing, where a cybercriminal ‘hooks’ you in via email, text or phone asking for money or information. But fraudsters are now becoming more and more sophisticated in their methods.
We’ve seen a recent trend over the past 18 months where suppliers’ email accounts are hacked and used to commit mandate fraud. This can often be the result of poor password security – which we covered in week 2.
Much focus has been placed on spotting fake and spoofed emails in the last few years. While this is still important, we now need to ensure everyone is alert to suspicious emails that may come from a genuine account, like a colleague or known supplier, which has actually been hacked.
What is mandate fraud?
We’ve seen mandate fraud attempts at many of Veritau’s clients. This usually involves a fraudster posing as a creditor or supplier, requesting a change in bank details. Fortunately most of them have not been successful.
Often the pressure is piled on, asking the staff member to urgently provide information, make a payment, or hand over secure details.
Recently one local authority received an email from a supplier and noticed something didn’t seem quite right. After a contractor sent an invoice to the council, a follow-up email was sent advising that they were having issues with their bank. The email asked the council to swiftly pay the invoice to a foreign bank account, instead of their usual UK-based account.
There were a couple of subtle warning signs in this email, such as Americanised spelling (eg “apologize”) where UK spelling had previously been used. Additionally the new invoice that was issued had an ‘s’ added on the end of the business name.
Thankfully the council officers spotted that something wasn’t right and asked the fraud team to have a look over it. It appears that the contractor’s email account had been compromised and a fraudster had been monitoring the account, waiting for an opportunity.
Important things to remember
Always use previously established contact methods to verify the source. If these have changed recently, double check against the company’s website or LinkedIn page. If you’ve received a suspicious email, phone the person it’s supposed to have come from. If their account has been hacked, emailing them will only take you back to the fraudster.
Treat unusual requests for payments extremely cautiously, and never allow yourself to be pressured into bypassing agreed verification processes. Look out for spelling and grammar mistakes, an unusual tone of voice, or anything else that seems suspicious. Never assume that a request is safe because a colleague trusts the source.
Always keep your passwords secure, and use a different password for each of your accounts (we covered password security in week 2). If your account is compromised, cybercriminals could access a myriad of important data and financial information.
If you suspect you’ve been hacked, change all your passwords immediately. For more information, contact your IT team or visit the NCSC’s website.