1985 to 1989, in my teen age memories, Karamchand and Kitty are indelible. The Karamchand effect was evident, each conversation with my sister started with a carrot bite and ended with a “Shut Up Kitty”. Today, I feel like “the Karamchand” for SMEs, writing about decoding the email frauds.
In last three years, menace of email frauds has left SMEs completely unguarded. I hope to decode it for my wonderful SME laymen entrepreneurs.
Judwaa (Twin or Look alike) Style Email Fraud
On silver screen, it has almost caught every great film maker’s imagination. Be it Adaptation (Nicholas Cage), Parent Trap (Linsay Lohan), Bow Finger (Eddie Murphy), Double Impact (Van Damme), Man in the Iron Mask (Leonardo DiCarpio) or be it Don (Amitabh Bachhan), Angoor (Sanjiv Kumar), Chaalbaz (Sridevi).
Here, the fraudsters steal your identity. They somehow gain control on your email communication and deal with your parties as if you are dealing. They send emails on your behalf, reply emails on your behalf. You come to know about it only when your customers follows up for the consignment for which they have paid to you and you have not received it.
They could be your existing employee, ex-employee, competitor or a professional hacker.
They can advise your customers to deposit payment in fake accounts, or they can send deal-breaker quotations / terms to your prospects faking as you only, or they can attend your inquiries by giving competitive proposals. All that the customer or prospect will think is, It’s you. They can even give irresponsible answers to your customers or prospects, who will never return to you.
How can someone steal your identity and gain control over your email id?
The “God Father” way — By Betrayal
A displeased employee, or an ex-employee who knows the passwords of email system may share it with capable competitors who can exploit the access of your email systems. Or one can set auto forwarding of your emails on third party. Or one can keep sending sensitive information by email using personal or corporate email id. Or one might keep sending Blind Carbon Copy of important information / data to exploiters.
Check all your emails settings on email host, if any auto forwarding is set or not.
Keep practice of changing passwords every week with minimum 8 character, with at least one capital, one numeric, one symbol
Configure your corporate email system such that one copy of every email exchange by employees is received by superior
Do not allow access to personal email ids with exposed organization’s data
Configure your email system such that Blind Carbon Copy can be monitored / controlled / prohibited
The “Troy” way — By Infiltration
The exploiter sends you an email with plant. This plant in the attachment gets installed on your computer and your key strokes are sent by the plant to the exploiter who would know your email password and exploit it.
Have antivirus in every computer
Do not open unknown attachments
Do not access your emails from public computers like cybercafe
Always keep parental control on in your browser
The “Face off way” — By Identity Swapping
The exploiter send you an email with swapped identity. E.g. you have stored my name as Vishal Shah email@example.com your address book. Most of us have kept automatic saving of new address in address book. When we compose new email, we normally write first 2–3 characters of name of the person and email interface shows you email ids which you may select. Now, let’s say you receive an email from Vishal Shah firstname.lastname@example.org, auto saving option of address book will save it also. Now when you compose email to me, you may type vishal and promptly it will suggest email@example.com you may select it. And the fraud starts. In your sent items, it will show as Vishal Shah only unless you dig into email id.
check thoroughly the email id suggestions displayed by your email interface
If it displays irrelevant email id also, immediately delete that entry from address book
The “Robot” Way — by Creating Clone
The exploiter may register a domain which looks same as yours. e.g. if your email id is on bhavaniindia.com, they might register bhavanindia.com or they might register bhavaniindia.in or bhavanindia.co.in and start communicating with your customers. And the fraud starts.
Periodically send emails to your customers about your bank account details and email id written in larger fonts. e.g. b h a v a n i i n d i a . c o m to verify their records
If budget permits, take all possible extensions of your domain name.
The “Taken in Broad Daylight” Way — by intercepting your passwords
Exploiter may intercept your data exchange on Internet and get your passwords you submitted to your web hosting server.
Check if your email host is on SSL encryption or not
Do not use your enterprise emails on public wi-fi
If budget permits, keep dual password systems for users
A small step of caution will prevent fraud and save you from financial loss or competitive exploit.
Founder and CEO
Synersoft Technologies Pvt Ltd