Service Announcement – Email scammers warning

Scam Warning

Here at CCCit we have been made aware of a number of businesses that have fallen for an email spoofing scam which could end up costing them a tremendous amount of money.

Scammers are doing their research and finding out who the key decision makers within a business are. This includes finding out who the owners, managing directors and staff working in the finance/accounts departments are. Once they know this information, they spoof the email address of an owner or director to impersonate them. An email is then sent to key finance staff asking them to transfer potentially thousands of pounds into a bank account owned by the scammers themselves.

As emails look to be coming from legitimate email addresses belonging to owners or directors of the business many people have been fooled and this, in turn, has left them considerably out of pocket. Companies caught out by this type of scam will find it tremendously difficult to recover the lost funds as many banks will have very little sympathy.

What is spoofing an email?

Spoofing an email is as simple as sending an email with a forged or fake sender address. This address might be owner@yourcompany.co.uk; however, when you respond, the reply address will belong to the scammer, e.g. scammer@scamaddress.co.uk.
Spoofing an email is a comparatively simple thing to do, as the main protocols that email uses were originally developed to be open and basic, and only a small number of people enable the more advanced security features.

Protecting your business

Due to the nature of spoofed emails, even with the correct security features in place it can still be very difficult to prevent a scammer from setting up an email to look like it has come from an owner or managing director. Some technical prevention methods are set out below, although some of the most important prevention methods are staff awareness training and implementing processes that limit the risk.

Staff training – It is important for staff to be able to recognise fake emails or invoices and to know what to do if they receive one. It is essential to make your accounts payable personnel aware of possible scams and train them to follow policies on purchasing and processing of payments. These processes should be documented and available to all employees.

Obvious Indicators of fraud:

- An incorrect domain name used to send emails, invoices and fund transfers. Hovering over the email address may reveal the originator’s email address if different from that displayed.

- The delivery address is not a company address.

- Poorly written email with grammatical errors.

- Use of a false or unknown contact from the company. If requests for quotations, invoices, purchase orders or fund transfers are received from a new company contact or account that raises your suspicion then please contact the person directly to verify the validity of the request. Do not contact the name/number used on the email/invoice/purchase order.

- Phone numbers not associated with the Business.

- Unusually large amounts are requested.

Purchase Order Process – It is good policy to implement a purchase order process which requires a purchase order for all payments made using company money. Most popular accounting software will include the ability to create purchase orders or incorporate a purchase order system to make sure any payments or transfers are correctly authorised and properly recorded. These authorisation systems do not rely on email, which makes them extremely difficult for a fraudster to replicate and makes spotting a genuine fund transfer much easier.
Some popular cloud-based accounting packages that support purchase orders are Xero and QuickBooks Online.

SPF and DKIM Email Validation – Authentication is a way to prove an email is not fake. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are both email validation systems that detect email spoofing. SPF achieves this by allowing your email server to check that the emails you receive are coming from a host that is authorised to send from that domain. When you receive an email that appears to come from a domain but was not sent by one of that domain's authorised servers, it will either be marked as spam or not delivered.
DKIM and DomainKeys embed information in the email, which makes it harder to copy (but they can also be more difficult to implement for senders and receivers).
Some scam emails you receive may not come from your company's exact domain name. For example, they may seem to come from someone within the business using a personal address or a slight variation on the company email address that is not protected by SPF or DomainKeys. As there are many variations on the kind of emails you may receive, the steps above should not be the only precautions taken; implementing these methods should be considered an added security measure.
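The header checks described above (a reply address that differs from the displayed sender, a sender domain that is a slight variation on the company domain, and a failed SPF result) can be automated. The following Python sketch is an added example, not CCCit's own tooling; the company domain, the 0.85 similarity threshold and the sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "yourcompany.co.uk"  # assumption: the domain you are protecting

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw_message, company_domain=COMPANY_DOMAIN):
    """Return the reasons a message should be verified by phone before paying."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    reasons = []
    # Replies would go to a different domain than the displayed sender.
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to-mismatch")
    # Sender domain is a near miss of the company domain (SPF cannot catch this).
    if from_dom != company_domain:
        # 0.85 is an assumed threshold; tune it against your own mail.
        if SequenceMatcher(None, from_dom, company_domain).ratio() >= 0.85:
            reasons.append("lookalike-domain")
    # SPF verdict recorded by the receiving server; only trust this header
    # when it was added by your own mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "spf=softfail" in auth:
        reasons.append("spf-fail")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "The Owner" <owner@yourcompany.co.uk>',
    "Reply-To: scammer@scamaddress.co.uk",
    "Authentication-Results: mx.yourcompany.co.uk; spf=fail",
    "Subject: Urgent transfer", "", "Please pay today."])
LOOKALIKE = "\n".join([
    "From: owner@yourcornpany.co.uk",  # "rn" in place of "m"
    "Authentication-Results: mx.yourcompany.co.uk; spf=pass",
    "Subject: Invoice", "", "See attached."])
GENUINE = "\n".join([
    "From: owner@yourcompany.co.uk",
    "Authentication-Results: mx.yourcompany.co.uk; spf=pass",
    "Subject: Lunch", "", "Back at 2."])

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(name, spoof_indicators(raw))
```

The lookalike sample passes SPF because its sender domain is a different domain from the company's, which is why the domain comparison is a separate check.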

Protect yourself using services from CCCit

Implementing SPF across the domains and email servers we manage is something CCCit carries out as standard. In some cases, we also recommend implementing DKIM along with SPF. Enabling spam filters as well as managing anti-virus and patching across a network are also very important in reducing the risk of being a victim of a scam; CCCit implements and manages all these areas for our support customers. We can also provide help in getting you set up with a secure online purchase order system, allowing you to safely and reliably validate all purchases and transfers of company funds.

To find out more, please contact CCCit on 0117 3700 050 or send an email.

Review’s Google Search Placing Results In A Fine

A judge in France has ruled against Caroline Doudet, a French blogger whose negative restaurant review was reported due to being “too prominent” in its Google search ranking. The judge’s order was that the title of the blog post had to be changed and Ms Doudet had to pay damages to the owners of the restaurant.
The decision was incredibly controversial due to the fact that it’s suggesting a high search ranking is a crime. Many people have questioned the validity of the order, and bloggers across the globe have spoken out in anger.
The claim put forward by the owners said that the strong prominence of the article was an unfair harm to their business, seeing as it portrayed them in a negative light and cost them valued customers.
The blog post that was made by Ms Doudet was called “The Place To Avoid in Cap-Ferret”, followed by the name of the restaurant, Il Giardino. It’s located in southwestern France’s Aquitaine region.
The court’s documents stated that the review had featured 4th in the results when you searched for the name of the restaurant. The decision that the judge came to was that the title had to be altered, so the “place to avoid” was not as prominent in the results of a search.
The harm put forward on the restaurant was pointed out by the judge sitting in Bordeaux, who said that it was exacerbated by the blogger’s 3,000 followers on her literature and fashion blog. A famous blogger from Bristol has spoken out in outrage to his 5000+/- followers on Twitter.
Her article, which has now been removed, stated that there was a generally poor service and negative attitude on behalf of the restaurant’s owner when she visited the shop in August 2013. The owner found the entire article to be an issue, but the judge decided to just rule that the title be changed and a fine was sent to Ms Doudet.

Microsoft Phases Out Android Nokia X smartphones

Microsoft has announced that the company is going to stop developing future Android smartphones, except for those that are already available on the market. Nokia X smartphones will become an important part of the Lumia range, running the Windows Phone OS instead, although Android handsets will still be supported.
The move came as Microsoft announced about 18,000 job cuts across the company’s workforce. According to Stephen Elop, Microsoft’s executive in charge of mobile devices, Microsoft plans to increase the popularity of the Windows Phone OS by targeting the cheaper smartphone segments, which are also the fastest-growing at this time. Beyond the portfolio they have already planned, Microsoft intends to deliver additional low-cost Lumia mobile devices by switching Nokia X designs over to new Windows Phone devices.
Ben Wood of CCS Insight stated that the move was intended to increase sales of Microsoft’s Lumia range, as the decision had been made before Microsoft’s takeover of Nokia. It seems like everyone scratched their heads prior to the initial release of Android-powered Nokia smartphones in February, as Wood told the BBC. Mr. Wood said that phasing out Android devices was more of a strategic move, meant to use the developments the company has made on the hardware to drive the Lumia price to lower levels.