Shut up Kitty, says Karamchand, Decoding the Email Frauds

1985 to 1989, in my teen age memories, Karamchand and Kitty are indelible. The Karamchand effect was evident, each conversation with my sister started with a carrot bite and ended with a “Shut Up Kitty”. Today, I feel like “the Karamchand” for SMEs, writing about decoding the email frauds.

In last three years, menace of email frauds has left SMEs completely unguarded. I hope to decode it for my wonderful SME laymen entrepreneurs.

Judwaa (Twin or Look alike) Style Email Fraud

On silver screen, it has almost caught every great film maker’s imagination. Be it Adaptation (Nicholas Cage), Parent Trap (Linsay Lohan), Bow Finger (Eddie Murphy), Double Impact (Van Damme), Man in the Iron Mask (Leonardo DiCarpio) or be it Don (Amitabh Bachhan), Angoor (Sanjiv Kumar), Chaalbaz (Sridevi).

Here, the fraudsters steal your identity. They somehow gain control on your email communication and deal with your parties as if you are dealing. They send emails on your behalf, reply emails on your behalf. You come to know about it only when your customers follows up for the consignment for which they have paid to you and you have not received it.

They could be your existing employee, ex-employee, competitor or a professional hacker.

They can advise your customers to deposit payment in fake accounts, or they can send deal-breaker quotations / terms to your prospects faking as you only, or they can attend your inquiries by giving competitive proposals. All that the customer or prospect will think is, It’s you. They can even give irresponsible answers to your customers or prospects, who will never return to you.

How can someone steal your identity and gain control over your email id?

The “God Father” way — By Betrayal

A displeased employee, or an ex-employee who knows the passwords of email system may share it with capable competitors who can exploit the access of your email systems. Or one can set auto forwarding of your emails on third party. Or one can keep sending sensitive information by email using personal or corporate email id. Or one might keep sending Blind Carbon Copy of important information / data to exploiters.

Precautions

Check all your emails settings on email host, if any auto forwarding is set or not.

Keep practice of changing passwords every week with minimum 8 character, with at least one capital, one numeric, one symbol

Configure your corporate email system such that one copy of every email exchange by employees is received by superior

Do not allow access to personal email ids with exposed organization’s data

Configure your email system such that Blind Carbon Copy can be monitored / controlled / prohibited

The “Troy” way — By Infiltration

The exploiter sends you an email with plant. This plant in the attachment gets installed on your computer and your key strokes are sent by the plant to the exploiter who would know your email password and exploit it.

Precautions

Have antivirus in every computer

Do not open unknown attachments

Do not access your emails from public computers like cybercafe

Always keep parental control on in your browser

The “Face off way” — By Identity Swapping

The exploiter send you an email with swapped identity. E.g. you have stored my name as Vishal Shah vishal@synersoft.iniin your address book. Most of us have kept automatic saving of new address in address book. When we compose new email, we normally write first 2–3 characters of name of the person and email interface shows you email ids which you may select. Now, let’s say you receive an email from Vishal Shah vishal@exploiter.in, auto saving option of address book will save it also. Now when you compose email to me, you may type vishal and promptly it will suggest vishal@exploiter.inand you may select it. And the fraud starts. In your sent items, it will show as Vishal Shah only unless you dig into email id.

Precautions

check thoroughly the email id suggestions displayed by your email interface

If it displays irrelevant email id also, immediately delete that entry from address book

The “Robot” Way — by Creating Clone

The exploiter may register a domain which looks same as yours. e.g. if your email id is on bhavaniindia.com, they might register bhavanindia.com or they might register bhavaniindia.in or bhavanindia.co.in and start communicating with your customers. And the fraud starts.

Precautions

Periodically send emails to your customers about your bank account details and email id written in larger fonts. e.g. b h a v a n i i n d i a . c o m to verify their records

If budget permits, take all possible extensions of your domain name.

The “Taken in Broad Daylight” Way — by intercepting your passwords

Exploiter may intercept your data exchange on Internet and get your passwords you submitted to your web hosting server.

Precautions

Check if your email host is on SSL encryption or not

Do not use your enterprise emails on public wi-fi

If budget permits, keep dual password systems for users

A small step of caution will prevent fraud and save you from financial loss or competitive exploit.

Best Regards,

Vishal Shah

Founder and CEO

Synersoft Technologies Pvt Ltd

https://www.synersoft.in

Data Loss Prevention

Data Leakage Prevention

I am a leader who can play any requisite role to complement teamwork and achieve results. Over 22 years, through various opportunities in IT, I have evolved.