[vc_row][vc_column][vc_column_text]
How to identify and avoid email scams
People have been lying in order to con each other out of things since we first began to communicate. In days gone by, the con man had one chance to trick their mark and then had to hightail it out of the area to avoid being hunted down by a lynch mob once the nefarious plot was revealed. Con men had to travel far and wide to find new victims and to avoid being captured. These days, it’s much easier for these scammers. Most of the world has internet, and therefore email, which serves to provide a never-ending supply of targets that can be safely plucked from thousands of miles away.
Why are email scams so popular?
Any scam has to be worth it or it’s not worth doing. A scam that is worth trying has to have a few criteria going for it:
-
A reasonable chance of success
-
Some protection against being discovered and captured
-
Practical in terms of cost and time
Email hits all of these in almost all cases.
A reasonable chance of success
The term ‘reasonable’ is a bit of a moving target. If a certain scam has a one percent chance of success, it is not reasonable for the scammer to travel from town to town and spend a few days at each in the hopes of hitting that one-in-100 mark. In those conditions, the scammer would want a much higher chance of success and so would likely discard any scam with such a poor chance of success.
However, when using email, the scammer has the ability to attempt the scam on literally thousands and possibly millions of targets in a short period of time. A one percent success rate in a pool of millions of targets makes almost any scam ‘reasonable’ to pursue.
Some protection against being discovered
Email provides an almost impenetrable veil to hide behind. Email scammers are not using their own email accounts to perpetrate the fraud. They are using disposable or stolen email accounts which cannot easily be traced back to them. In many cases, the scammers are also operating from countries with little or no internet laws or sophistication. Even if it were possible to identify them, the chances of getting local law enforcement to prosecute is slim.
Be practical in terms of cost and time
While the cost of internet use varies widely across the world, it’s not so expensive that it’s impractical to use for these types of scams. In first world countries almost every household has internet service. Even in less developed countries, wifi cafes are available to large chunks of the population. Many of these email cons are perpetrated by people who don’t even have internet in their house. They borrow
wifi from other places, or use internet cafes in their towns. This brings overhead cost to a very low level, even free in some cases.
An added advantage is that it takes very little time to send large numbers of emails. If the message is already typed up and ready to go, it’s possible for a scammer to send an email blast off in a few seconds from an internet cafe and then be gone.
Identifying and avoiding the most common email scams
Email scams and phishing are two very similar, but technically different things. The goal of phishing is usually to gain access to information through tricking someone into divulging their credentials to some important site such as their email or a bank. There’s usually a long game at work with phishing because gaining access to someone’s account is usually not the end goal; rather, using that information to perpetrate fraud or blackmail is common. In contrast, email scams are a shorter game. The goal of an email scam is generally limited to trying to trick someone into sending money to the scammer.
Many scams will attempt to direct you to a fraudulent website at some point. Using a browser that supports Google Safe Browsing such as Google Chrome, Apple Safari or Mozilla Firefox can alert you if you are directed to a known scam site. Safe Browsing only deals with your web activity, though. It can’t alert you about the safety of any particular email you’ve received.
With that goal in mind, an email scam can take any possible form that has a chance of succeeding. Anything that fits the criteria I listed previously is likely to be tried by email scammers. However, email scams that have proven to have worked before satisfy the criteria better. Those scams are known to have a reasonable chance of success and the ones we’ve seen repeated over and over fall roughly into the following categories.
Advance fee
The framework of an advance fee scam is this: You are offered something out of the blue (money, a car, a boat, etc.) for some reason (won a lottery, dead relative, stale bank account, etc.). The scammer wants to arrange for this desirable thing to be delivered to you, but in order to do so you will have to pay some fee in advance. Fees are usually explained as things like shipping fees or legal fees. The scammer promises to send you the item as soon as the advanced fee is paid.
The most common scams that fall under advanced fraud are:
-
Lottery winnings
The basic pitch is that a scammer informs you that you’ve won a lottery in some country, possibly your own. The winnings are substantial but can’t be paid to you until some fee is paid. The fee is usually described as a legal fee or money transfer and it must be paid in advance. The math is enticing: pay $5,000 in advance fees to get $1,000,000 in winnings. However, once the advance fee is paid, the winnings will never arrive.
-
Nigerian 419 beneficiary
Email scams originating in Nigeria have reached such epic proportions that the Nigerian Prince
has become a punchline of western pop culture. The term 419 refers to the section of the Nigerian penal code which covers fraud. 419 scams are identical in intent to the lottery winning scam in that you must pay some fee in order to release a larger amount of money. The first 419 scams usually involved the story that some rich and unknown relative had died and left money. Over time, however, the 419 scams have really strained the credulity of even the most naive people.
Avoidance
The transaction starts with a request from the scammer for you to send them money. In almost all cases, situations like this will be fraud to some degree. Your best defence is to simply not get involved at all and report the attempt to your law enforcement agency.
If there is some legitimate reason why you need to be involved with this, then do thorough research on the internet about the company and find other people who have dealt with them. Do not use any references supplied by the scammer because they will almost certainly be non-existent, or also be involved in the fraud and will confirm anything you ask in order to get you to send money. Offline references are helpful as well – it’s very easy to produce a website but it’s much harder to plant an entry in a phone book or government licensing listings. Do a thorough check using as many different resources as you can think of before sending any money.
Overpayment
The main difference between the Overpayment scam and the Advanced Fee scam is that that the Overpayment scam doesn’t ask for money in advance. Rather, the scammer will send you money first and then ask you to refund some part of it. In most cases, scammers use classified ads and other sites to identify people who are selling items. The scammer then contacts the seller, makes an offer, and then sends too much money to the seller citing some unusual reason for the overpayment and giving directions on how to handle the surplus. The seller will be instructed to either refund the difference to the buyer, or send it to some third party for shipping. The scam occurs because the money that the scammer sent is not valid, perhaps a fraudulent cheque. The entire scam hinges on the seller dispensing the surplus funds before they discover that the original money sent is fraudulent.
Avoidance
Recall that the main characteristic of this type of fraud is to send you too much money and ask that some portion of it be refunded or sent to some third party for some reason. The scammer may introduce this idea during the initial contact when they indicate they want to purchase whatever you’re selling, or it may not become apparent until the payment arrives. In either case, there should be no legitimate reason for money to be funnelled through you to a third party.
It’s also useful to stop and think for a minute about overpayments. If the situation were reversed, and you were buying something from someone you’d never heard of before and had no reason to trust, does it make sense to send that person money in advance at all? Never mind too much money and then ask them to return or forward a portion of it? The world is not such a trustworthy place that a transaction like that should seem normal.
Disaster relief and pulling at heart strings
This class of scam involves pulling at the heart strings of people to trick them into sending money for some sort of disaster relief fund or to save a group of puppies who are in some mortal danger. The critical part of this scam is to create a sense of incredible urgency. If the mark doesn’t send this money right now, something dire will happen to the suffering people or puppies. The scam counts on the fact that once our emotions are fully engaged, our critical thinking abilities tend to dip and we are more susceptible to falling prey.
In many cases the scammer will craft emails and possibly a website that looks like a legitimate charitable organization. In other cases, the scammer will just make up a convincingly fake charity name.
Avoidance
If you would like to donate money to a relief effort it’s best to donate directly to a reputable organization than responding to an email. Contacting an organization such as the Red Cross or Salvation Army directly will ensure that your funds do not end up in a scammer’s hands. It’s also the only way to ensure that you will get a proper charitable receipt for your donation.
If the organization in the email is not known to you, then follow the golden rule: do extensive background checks. All charitable organizations will need to be registered with their respective government in order to be eligible to issue tax receipts. Check the listings of the applicable government that the charity purports to be from to see if it really exists.
Work from home fraud
Work from home fraud gets its own category because of the complexity of the scheme. Some advance fee fraud uses working from home as its mechanism; requiring potential employees to pay an advanced fee for materials before employment,. But that’s not quite the same thing as work from home fraud.
Some cultures deem working from home to be the ultimate goal. Being able to make a living from your own home without having to deal with the commute or unpleasant coworkers is a very popular idea. Therefore, many people are very susceptible to work from home claims that normally would not stand up to much scrutiny. However, there are some tell-tale signs that the work is probably non-existent, which I will cover in the next section.
Avoidance
There are a lot of tell-tale signs to work from home fraud:
-
Money is required up front to get to work. While it’s not uncommon to have to provide some pre-employment things such as a criminal record check which you may have to pay for, paying for anything directly related to doing the job itself is a warning sign.
-
The work pays much more than it appears to be worth. Adverts claiming you can make $2,000 per week stuffing envelopes are hard to believe. We live in the age of assembly lines and robots. If the job involves doing repetitive manual labour of some kind, a robot could do that much better than a human so it makes no sense to pay humans to do it.
-
The work indicates that you’ll be doing work that would normally require higher education in an office setting. Jobs regarding the transcription of medical records abound, but most medical offices use well-known services to do this type of work because there can be some very high stakes if something is transcribed incorrectly. While some medical transcript companies may use home workers, they will usually have to have undergone some language and competency assessment rather than just replying to an email.
-
The work requires you to purchase kits of some sort that you can re-sell, or use to construct items for re-sale. If the job involves straight re-selling, such as selling cosmetics to friends, it makes more sense for your friends to just take the same job and get the wholesale rate rather than buy from you at retail. If the job involves constructing items for sale, I remind you that things are made by robots and assembly lines these days much more efficiently than humans can.
To prevent becoming a victim of work from home fraud, look for those telltale signs. You should also do research about the company in question. If they have a history of scamming people it’s likely that there will complaints about that company on the internet. Conversely, if there is no trace of the company at all, that is also a warning sign. Virtually every business has some kind of web site or email address so a company with no visible presence on the internet is unusual. Especially if you consider that this company is using email to contact you.
CEO fraud
CEO fraud involves identifying the person or people within a company who are in charge of the money, and then attempting to get them to transfer money out by impersonating someone with authority to do so, ie – the CEO.
It is very easy for scammers to use services like LinkedIn to search for all the employees of a given company, and then look at job titles to determine who has control over the money and who has the authority to direct fund transfers. From there, the attempted fraud can range from very complex and hard to catch, to very basic. The basic scam is to send a request to the money person instructing them to transfer some money to some bank account. While this may seem very basic, many companies wire money as a matter of routine so a request like this would not seem out of place. The instructions usually state that the money is for an important deal closing very shortly. There’s always some urgency for the funds to be transferred immediately in order to prevent some bigger loss to the company. The scammers hope that the money person does not have the type of relationship with the requester to see that the request is unusual and will fulfill the request right away.
Avoidance
I recently saw an unsuccessful attempt at CEO fraud. It didn’t work because the money person in this company had a good enough relationship with the CEO to note that the CEO did not normally sign their emails in that way, among other small details. The money person simply picked up the phone and confirmed with the CEO that it was not a valid request and saved the company a large chunk of money.
The best defence against CEO fraud is to ensure that your company has a set procedure for funds transfers which includes double-checks to make sure the request is valid. Another factor that helps defeat this type of fraud is to foster good working relationships at all levels. If a workplace is supportive of questions then the money person is more likely to lean across their desk to their coworker and say does this look right to you?
or pick up the phone and call the alleged requester directly.
How to respond to and report email scams
The first rule is to not respond to something that you think is fraudulent. If it happens at work, report it to your security team and your supervisor and let the company figure out the best course of action.
If scam email comes in your personal email, the best course of action is to just delete it or mark it as spam if your email provider has that option. You can also report it to your law enforcement agencies as well. That can be a useful step because these agencies usually operate alert systems whereby they can reach a larger number of people to let them know this scam is happening now. It also helps these agencies gain an understanding of how deep and wide a scam is which can help track the people behind it.
Reporting in Canada
The Royal Canadian Mounted Police (RCMP) is Canada’s Federal police force. It outlines the police agencies to contact depending on the type of fraud. It also indicates that all types of fraud should be reported to the Canadian Anti-Fraud Centre which collects intelligence on mass fraud and identification theft in Canada.
Reporting in the United States
The Federal Bureau of Investigation (FBI) operates the Internet Crime Complaint Center (IC3) which is a central place for lodging complaints about internet fraud. The IC3 may share your complaint with the law enforcement agencies that have jurisdiction for a complaint.
Reporting in the United Kingdom
ActionFraud is the national reporting centre for fraud and email scams in the United Kingdom and works with the National Fraud Intelligence Bureau.
What are Internet Service Providers doing to help?
Internet Service Providers (ISP) and Email Service Provider (ESP) typically run extensive anti-spam software. This software analyzes incoming email messages and determines the likelihood of them being spam. Emails that are determined to be spam are usually placed in your Spam or Junk folder, while safe
emails are put into your inbox.
Many of the factors used to analyze an email are done behind the scenes and we don’t even see them in action. Spam filters look for things like:
-
Did the email originate from an authorized mail server? Domain owners have the ability to designate which servers are allowed to send email on behalf of their domain by the use of Sender Protection Framework (SPF) DNS records.
-
Does the sending mail server have a reputation for sending email spam?
-
Is the content of the email likely to be spam?
Some of these checks require collaboration to perform. For example, your single email provider may not have enough information to know if the mail server that sent the email has a reputation for sending spam. Likewise, judging the content of an email to be spam can be tricky because some people really are looking for low-rate mortgages and prescription drugs. Those types of checks are done using shared lists such as Spamhaus blacklists. Spamhaus has a large database of characteristics associated with email spam, so if an email shares some of those characteristics, there is a fairly decent chance it actually is spam of some sort.
Having said that, spammers are creative and they are very motivated to get their email scam into your inbox by avoiding these spam filters. There’s no surefire way to be confident that every email in your inbox is safe. Your common sense and paranoia is the last line of defence.
Where to stay on top of new email scams
Email scams are very fluid and change rapidly. Some become widespread and hit mainstream media news shows and newspapers, and some are smaller and come and go without much fanfare. Due to this it’s very difficult for any organization to keep up with a list of current scams in action. It’s therefore important to recognize the hallmarks of a scam, instead of attempting to identify specific characteristics of any one scam.
The governments of many countries maintain some sort of fraud bureau and may publish known scams as alerts which you can monitor.
The Canadian Competition Bureau publishes The Little Black Book of Scams periodically. It’s not clear how often it is updated, so it may not be as good as a current alert list. However, it seems to be the only scam alert type of information that the Canadian government produces.
[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]
Learn more about professional services provided by Managed Solution
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
To Learn More about Professional Services, contact us at 800-208-3617
[/vc_column_text][/vc_column][/vc_row]
Azure Backup’s cloud-first approach and why it matters
By Shreesh Dubey as written on azure.microsoft.com
Backup is all about how quickly you can be back up from a disaster or data loss situation. On this World Backup Day, this blog post is dedicated to explaining Azure Backup's cloud-first approach and how it helps you be back up quickly and securely.
Backup is a deeply entrenched market and companies generally tend to stick with their backup solution unless there are major shifts in the IT infrastructure. When such a shift occurs, companies are open to evaluating alternate backup solutions that offer significant value tied to that infrastructure shift.
Virtualization was a hardware infrastructure inflection that happened in the 2000s that allowed companies to significantly reduce their IT costs with the consolidation and portability benefits offered by virtualization. It also allowed new backup players to emerge and the ones that delivered significant value tied to virtualization became successful.
The infrastructure inflection currently underway is the shift to the public cloud and Azure Backup has taken a cloud-first approach to deliver maximum value for backup scenarios in a cloud-transformed IT environment.
Cloud-first value propositions
These are the benefits customers would likely expect in backup scenarios as they augment the public cloud to their IT infrastructure:
- Consistent management experience for Hybrid IT: Companies will be in a hybrid model where in addition to the on-premise IT, they will have a cloud foot print that has IaaS (“lift-and-shift applications”) that possibly extends to PaaS (“born-in-the-cloud applications”) and SaaS (O365). It is important to have a consistent experience to manage backups across the IT assets in this hybrid model.
- Agility: Business owners are seeking more agility offered by the public cloud where they can deploy solutions from the marketplace to meet their business needs. From a backup perspective, an application admin should be able to sign up for backup and do self-service restores without having to go through a central IT process to provision compute/storage in the cloud to enable backup.
- Reduce TCO (Total Cost of Ownership): A subscription based model (PAYG) is an obvious benefit of the public cloud, but it is also important to consider overall IT cost for backup. For example, if you need to deploy additional infrastructure in the cloud (compute and storage) for backups your overall costs would be higher.
- Freedom from infrastructure: This is one of the fundamental benefits companies seek when they move their IT to the cloud and since backup has a significant infrastructure footprint in on-premises IT (storage, compute, licenses, etc), an infrastructure-less backup solution would be a natural expectation for customers.
There are 3 possible approaches backup solutions can take to leverage the cloud inflection and it is important to consider how well they deliver on the above promises in each approach:
- Cloud as storage: In this model, the backup solution leverages the public cloud as a storage target for backup either for the second backup copy or to replace tape backups. The customer still needs to manage storage in the cloud, pay for any egress costs for restores, and manage bulk of backup infrastructure that is still on premises.
- Cloud as infrastructure: This is the next level where the customer can run the backup application in an IaaS VM, which can protect applications deployed in IaaS. While it does offer a similar experience, it can only protect IaaS VMs and not the other cloud assets (PaaS, SaaS) and has TCO implications. For example, a single IaaS VM only supports 32 TB of total addressable storage, which is far too small for a backup application so to back up at scale, customers need to deploy additional IaaS VMs, configure scale sets for availability and provision/manage backup storage, all of which adds to the overall TCO for backup. Also, as the name implies, it does not free the customer from infrastructure management which is a fundamental promise of moving to the cloud.
- Cloud as platform: Backup can be built in a PaaS model to deliver backup as a service and architected to provide a consistent management experience to both on premises infrastructure as well as backup for born-in-the-cloud applications (IaaS, PaaS, and SaaS). Since all the service infrastructure is owned and managed by the service, there would be no additional costs for the backup and there is complete freedom from managing infrastructure associated with backup.
Azure Backup is architected from the ground-up as a first-class PaaS service in Azure as described in approach 3 and delivers on the cloud promises customers expect as they cloud transform their IT infrastructure.
In addition, since it is a first-party service in Azure, it can also leverage other services in Azure to deliver value beyond backup scenarios. For example, rich monitoring and reporting using PowerBI or the capability to do advanced analytics on backup data in Azure.
Compelling backup scenarios enabled by the cloud first architecture
The cloud-first approach of Azure Backup provides unique benefits to customers which are either difficult or not possible in traditional approaches.
- Native Backup for IaaS/PaaS: Azure Backup seamlessly integrates with IaaS VM by providing an enable-backup experience in the VM blade itself. A VM extension is deployed when the customer chooses to enable backup and with a few clicks, the IaaS VM is configured for backup. Backup can also be enabled via ARM templates and it supports all the features of IaaS VMs such as disk encryption, premium disks etc. This capability will be extended for SQL Azure, Azure Files, and other Azure PaaS assets like WebApps and Service Fabric for a first-class backup experience in Azure.
- Restore as a service: One of the key concerns customers have when they store their backups in the cloud is the restore experience. There are egress costs, the time it takes to restore data back on premises and handling encryption requirements. Restore operation typically requires all the data has to be restored on premises or a restore appliance needs to be hydrated in the cloud to browse items from the cloud restore points. Azure Backup, restore-as-a-service feature uses a unique approach to mount a cloud recovery point as a volume and browse it to enable item-level-restore. The customer does not need to provision any infrastructure and the egress from Azure is free which are both unique value propositions of Azure Backup. This feature is currently available for IaaS VMS (Windows and Linux) and on premise Windows servers. The same capability for System Center Data Protection Manager and Microsoft Azure Backup Server will be available over the next few months.
- Secure Cloud Backups: Azure Backup leverages Azure authentication services to provide multiple layers of security to secure cloud backups against malware attacks such as ransomware. While the predominant ransomware attacks are limited to infecting on-premises data, some of the more evolved ransomware attacks also target backup copies of the data. Typical infections include reducing backup retention, re-encrypting data, and deleting backup schedule/copies that are initiated from compromised machines. Azure backup has several layers of protection to prevent and alert against such attacks.
Achieve IT infrastructure cost savings of at least 50%
Call Southern California’s most trusted name in cloud at 800-208-3617 for real time pricing and a cost benefit analysis for Microsoft’s Azure and Amazon’s AWS.
[vc_row][vc_column][vc_column_text]
Simple, automated protection and disaster recovery in the cloud
our environment can be protected by automating the replication of the virtual machines based on policies that you set and control. Site Recovery can protect Hyper-V, VMware and physical servers and you can use Azure or your secondary datacenter as your recovery site. Site Recovery coordinates and manages the ongoing replication of data by integrating with existing technologies including System Center and SQL Server AlwaysOn.
[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]
Learn more about professional services provided by Managed Solution
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
To Learn More about Professional Services, contact us at 800-208-3617
[/vc_column_text][/vc_column][/vc_row]