Running a business is hard. It requires a lot of energy and can be mentally draining. As an entrepreneur, there can be so much on your plate that sometimes you just don't pay attention when doing mundane tasks, like checking email.
This is how it becomes easy to fall prey to an email scam.
A rise in spam email
We've noticed our inbox has been full of scammer emails lately. While we normally share them amongst the team, to make sure we're all staying vigilant, we decided to share them on our blog as well. The idea is to raise awareness and help prevent unsuspecting people from being taken advantage of. Clicking the wrong link can be disastrous. Scam emails can range from incredibly easy to spot - like the Nigerian Prince that just needs you to help him save his fortune - to legit-looking, like this one reported in the Kingston News.
Spreading awareness can help keep everyone safe
When it's a blatant scam, it's easy to laugh at the poor attempt, delete it and move on with your day. But if your business consists of more than one person, it's a good idea to get into the habit of sharing shady emails you receive with the rest of your team. You never know when someone might have an off day and not catch the scam, which can have serious consequences for your business.
Since Reach CPA is a remote firm, we have internal messaging channels that we use all the time. We have a Microsoft Teams channel dedicated to security and IT. Whenever someone receives an email that looks suspicious, we take a screenshot and pop it in the channel. A quick description of what makes the message scammy explains what tipped us off and helps the rest of the team learn to look out for these things. Even if your internal messaging system is just a corkboard in the staff room, it's a good idea to print off a screenshot and post it. You may be surprised at how many of your employees or co-workers don't know they shouldn't click every link that's emailed to them.
The bank email
In this day and age, it's safe to say that pretty much everyone uses a bank, and probably has an online bank account. That's why scammers like to pretend they're a popular bank when they send phishing emails.
They send out a mass email stating that for some reason or other, you need to give them your information or you will lose access to your bank account. Who wouldn't be worried about that?
So you click the link and answer their questions to confirm your identity. But what you are really doing is giving them access to your password and personal information, as well as probably downloading a virus or malware. That can be very bad.
Let's take a look at an example:
At first glance, it looks like a typical email that's been sent to the junk folder - no logos or fancy text. But once you take a closer look, there are some red flags.
1) It's not personalized.
If you're on a business's mailing list, and you're a client, they're going to have your name linked to your email address. A company the size of this bank will take the time to code its mass emails to address clients by name. If we can do it with the monthly newsletters we send out, surely Royal Bank could figure it out.
2) Typos/spelling mistakes.
A company of this size is going to have an editing process. If you receive communication that is full of errors, it's safe to assume it didn't come from them. Look for things like missing capital letters, run-on or incomplete sentences and spelling mistakes. The whole paragraph in this email contains multiple errors and does not make sense. A business like one of the biggest banks in Canada would do better.
3) A sketchy link.
Normally, if a company is asking you to fill out a form or complete some kind of task, the link they provide will be affiliated with their company. This means that any link they send would usually contain the company name & URL.
If this is not the case, any company worth their salt will explain in detail where the link they are sending you leads, such as: "We use XXX company to help us gather and manage client data. Click the link and fill out a form, it takes 5 minutes."
Other red flags:
We don't do business with this bank.
The idea for these scams is to just send out a huge number of emails. Scammers know that most people are going to think "I don't bank with RBC" and delete it. The more emails they send out, the better the chances someone will really be a client of the bank and click the link.
Doesn't describe the new guidelines.
With a company of this size, any 'new guidelines' or processes would be communicated to clients in advance. Information about the changes would also be shared on their website. It makes sense for them to link to that post so that customers know what changes they are referring to.
Something terrible will happen unless you take action.
This sense of urgency is how they get most people. The fear of losing access to their money is enough incentive to get most people to click that link and answer questions before they clue in that they don't even have an RBC account.
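Some of these red flags can also be checked automatically. The following Python example is added here for illustration and is not from the original post; the phrase lists, the `bank.example` domain, the recipient name and the sample message are constructed assumptions. It looks for a generic greeting, urgency wording, and links whose host is not actually under the sender's domain, which also catches lookalike hosts that merely contain the company name.

```python
import re
from urllib.parse import urlsplit

# Illustrative phrase lists (assumptions, not an exhaustive rule set).
GENERIC_GREETINGS = ("dear customer", "dear client", "dear user")
URGENCY_PHRASES = ("will be suspended", "lose access", "immediately")

# Constructed sample message; bank.example is a placeholder domain.
SAMPLE = """Dear Customer,
due to new guidelines your online banking access will be suspended.
Confirm your identity: http://bank.example.account-verify.example/login
Questions? See https://www.bank.example/help.
"""


def host_is_under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def red_flags(body, sender_domain, recipient_name=None):
    """Return the red flags found in a plain-text email body."""
    flags = []
    text = body.lower()
    generic = any(g in text for g in GENERIC_GREETINGS)
    # Only test for the name when the caller knows who the recipient is.
    unnamed = recipient_name is not None and recipient_name.lower() not in text
    if generic or unnamed:
        flags.append("not personalized")
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgent threat")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        # hostname is the part the browser connects to; any "user@"
        # prefix and port are dropped before the comparison.
        host = urlsplit(url.rstrip(".,)")).hostname or ""
        if not host_is_under(host, sender_domain):
            flags.append("off-domain link: " + host)
    return flags


if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "bank.example", recipient_name="Jordan"):
        print(flag)
```

The first link in the sample contains the bank's name but belongs to a different domain, so it is flagged; the second is a real subdomain of `bank.example` and passes.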
We hope this helps raise awareness about the need to protect your business from email scams. Share information about scams with your team and encourage everyone to be vigilant when checking their emails.
Have a system in place for how to deal with suspicious emails, such as reporting them to your IT department, or posting them somewhere so that the rest of the team can be made aware of them. Don't let scammers take advantage of you or your business. Awareness is the best way to stay safe.