Understanding frauds via business email, how to recognize and avoid the risks.
Business fraud, especially fraud via email is becoming sophisticated with the purpose of stealing information and financial exploitation. Accordingly, it is also becoming more difficult to identify and be prepared when fraudsters always make subtle changes in the exchange of information or take advantage of business’s internal vulnerabilities.
To prevent risks of losing data, information as well as financial damage, business needs to fully understand all safety methods via this article.
Fraud via business email is a form of spear phishing attack. Fraudsters either use spoofed email or hack into your internal or partner's email accounts, enabling them to carry out these actions:
Fraudsters impersonate your partners (contractors, suppliers, creditors or senior executive board members), using email address with slight changes from the original one.
Particullarly, they add or remove characters, or use look alike characters. Read the examples as below:
Original email address |
Fake email address |
Fraud method |
nguyen.van.a@congty.com | nguyen.van.a@congtyy.com | Fraudsters add another “y” next to original email address to avoid detection |
lan@mail.com (with the lower L) | Ian@mail.com (with the capital i) | Fraudsters use look alike character |
Using a fraudulent email address, the fraudsters continue to send requests to the business’s payment department, demanding payments for overdue amounts to a new account provided by the fraudsters.
Fraudsters intrude unauthorized into the business or partner's email with the intention of altering or falsifying payment information, redirecting funds to a new account controlled by the fraudsters.
This can be done by malware through sending unverified links, documents, and data to internal emails. When an internal user accidentally accesses it, the malware spreads and allows the fraudsters to take over the account.
Businesses may suffer many damages from different aspects, such as:
When exchanging information via email with your partner, be cautious of any unusual payment requests. Always carefully verify the email address and provided payment details. Please ensure that email address matches exactly with the email address available in your records.
Make sure to confirm or discuss any changes in payment details with your partner (such as the director or project manager) through phone or direct communication. Take the initiative to research and verify contact information, and call your partner directly to ensure the accuracy of all requests.
Do not click on unfamiliar links or download attachments in emails, messages, or any other online content. If you have doubts, report it to the relevant department to prevent any potential risks.
Be wary of urgent emails or those that intentionally create pressure to take immediate action. Before proceeding with any transactions or contacting your partner, thoroughly review all essential information and consider confirming it directly.
If you require assistance, please contact:
Techcombank would like to inform you the upgrading services schedule for both individual and corporate customers