E-mail has become the main way for people to communicate at work, especially in international business cooperation, but at the same time, there are many scammers who use it to spread viruses or cheat people out of money.Whether it is domestic or international forwarder cooperation should be wary of network information security problems, especially E-mail fraud.
At the end of the year, cheaters are also struggle for their KPI, this period of time is the stage of frequent E-mail fraud, in order to prevent foreign trade freight forwarder friends to be cheated, let's take two real cases as examples, for you to summarize the cheaters' tricks and how to avoid network information security problems in our work and life.
Please refer to below cases for details:
Cheater A took the initiative to add a company’s sales’ WhatsApp impersonated to be the client who contact with the sales for a long time. And he asked the sales about services process after payment etc. Cheater A used the sales’ words and sent email to client as below, to persuade client to do the payment.
The client did not identify cheater A’s trick and had been paid to cheater A. Through picture below, Cheater A’s email is mailto:virendra.vamsipharma@gmail.com, it’s not the sales email address(**@company.net).
After finished payment, Ashraf sent bank slip to the real sales. This sales noticed that Ashraf did not pay their company’s account and contact with Ashraf immediately, informed that he paid a wrong account. Fortunately, because the payment time was not long, the money was back, avoided the loss this time.
This case happened between two logistics companies, they are logistics company in China and logistics company in Malaysia.
These two companies’ communication was mainly based on emails. When Chinese logistics company started to pay Malaysia logistics company, the Malaysia logistics company’s email was hacked. Cheater B used a fake email<**@**wide.world>, pretending to be a real email<**@**worldwide.com>, to send email to Chinese logistics company as below. We can see these two email address are very similar.
In the email, Cheater B said that they can not receive money from the account he sent last time, so cheater B sent a new invoice and required to pay a new account. According to the staff from Chinese logistics company, in the bank information sent by Cheater B, the recipients had the same company name, but the registered is in Portugal not in Malaysia.
Correct email↓:
Wrong email↓:
Because Cheater B’s trick was difficult to identify, Chinese logistics company eventually paid the money to the false account offered by cheater B. The victim company has called the police and bank is dealing with this matter.
"2021 network security, start from me". In view of the network security problems that we may encounter in our work, especially the email fraud problem, some technical solutions are given as following:
1. Counterfeiting email addresses and register similar domain names, eg: the correct domain name: <**@**worldwide.com>, fake domain name: <**@**wide.world>;
2. Using the alias field property of the email account, using public mailbox (such as Gmail) to impersonate other people's accounts, which accounts for the highest proportion. At the same time, because the actual sender address is real, interactive fraud can be conducted;
3. Disguising a acquaintance to chat with you on the chat software to I am writing to see if you winkle personal information, business information, etc;
4. Disguising as a customer to send you a bank slip and etc., attachments masquerade as compressed files and etc., but the email addresses have different suffixes;
5. Disguising as a buyer to inquire, and then ask to click the link in the email to see the product information;
6. Disguising as an email server to send you an email message, asking you to click a link;
7. Hacking into your mailbox through your clicks to obtain your email information and trade secrets;
8. The email contains third-party links. Be alert to phishing emails. If you click such malicious links, hackers will obtain user information or execute malicious code;
9. In order to get users to take the bait, hackers will pretend to be administrators to send users "upgrade notice", "winning notification", "send back letter", "space change", "account freeze", "government notice", "hot topic", "shopping order!"", "Wall Street insider", "UPS or FedEx confirmation", "cheap flights, hotels, cruises"... and many other seemingly "official channels." The more seductive the content, the more cautious you should be.
1. If you receive an email about the change of your bank account, be alert and be sure to reconfirm it by phone, chatting software (such as WhatsApp, WeChat) and other means;
2. When receiving emails related to money, you should double check whether the email address is the same or not. If not, you should confirm with the recipient by phone or chatting software (such as WhatsApp or WeChat);
3. If you receive a suspicious email from your friends or clients, please do not click on any link or download or open the attached attachment;
4. Double check the subject line and the sender's email address of the email you receive and confirm if it's the same as the company you're contacting and if there's any spelling difference. If any doubt, do a web browser search for the company's real URL and then compare it with the URL in the email. If spam mail, delete it directly;
5. Carefully screen the contents and attachments of emails. Do not open, click on the attachments and links in emails with suspected email addresses and contents, and directly delete the emails;
6. It is better not to connect to the WiFi in public areas;
7. Develop a habit of antivirus your computer, do not run software from unknown sources, to prevent virus attack;
8. Use strong passwords(Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. )
Dansk Bilspedition A/S
