Electronic mail (email) has been around since the mid-nineties and is now the most used form of business communication. Over 300 billion emails are sent every year in the UK alone.
That’s a lot of emails.
It’s easy to see why it has become the preferred mode of communication in most cases, as it is fast and free. Regrettably, however, email is not a particularly safe or secure method of communication. Whereas services like WhatsApp encrypt messages “end to end”, meaning they can only be read by the sender and receiver, the vast majority of emails are sent unencrypted. It’s therefore important for us all to be aware of the dangers that emails can present, especially when sharing sensitive data such as our bank account details. Examples of things to beware of include:
Email Spoofing: This is a technique that criminals use to send emails that appear to be from a legitimate source. This can be done by changing the sender’s email address to make it look like it originated from your bank or another trusted organization. The “fake boss” email is a typical example. This is where an employee, often in the accounts department, receives an email claiming to be from their “boss” and asking them to make an unusual payment. I personally get emails like this on a regular basis. Thankfully, I haven’t “fallen victim” to one yet, and hope never to, hence the need for vigilance at all times.
Man-in-the-Middle Attack: This is where a criminal intercepts your email before it reaches the intended recipient. This can be done by hacking into either your email account, your service provider’s account, or the recipient’s account.
Once a hacker manages to intercept your email, they can read it, change the content, or delete it altogether. This type of attack could be very damaging, particularly in a scenario where you have written your bank details in the email and the criminal alters the details to a different bank account before sending the email on to the recipient.
The “Payee Check”, which many banks now use to verify that the name on an account matches the sort code and account number when making an electronic payment, does help to combat this, but the danger remains very real.
It is primarily because of the danger associated with this particular form of cyber-attack that we always advise our clients to never send us their bank details in the body of an email, but to always attach such details to the email as a PDF document instead. PDF documents are much harder to change if your email ever gets intercepted. Alternatively, we send out the form requesting confirmation of our clients’ bank details at the start of their matters. By completing and returning this form to us, either in the post or at a subsequent face-to-face meeting, you would be eradicating the danger of your bank details falling into the wrong hands or being altered by fraudsters. Another option, which is much safer than sending your bank details via email, is to complete the details on DocuSign, an electronic service we use, which is much more secure.
Phishing Attack: This is probably the most common form of email scam. A phishing attack is aimed at tricking the recipient into revealing their personal information, such as passwords, card numbers and bank account details.
In a phishing attack, the perpetrators will typically send you an email which appears to be from a legitimate source. The email will often contain a link that, when clicked on, will take you to a fake website which almost perfectly replicates that of your bank or another trusted (usually financial) organization. Once you enter your personal information on the fake website, it becomes easier for the criminals to use it to carry out fraudulent activities against you and/or, quite often, using your identity.
How to protect yourself as best as you can
There are a few things you can do to protect yourself from the dangers of sharing sensitive information by email:
- Never click on links in emails from people you don’t know.
- Be suspicious of emails that ask for your personal information, such as your bank account details, passwords, PIN numbers and other such confidential information.
- Check the sender’s email address carefully before opening an email. Remember that hackers are tirelessly perfecting their methods, and be more vigilant.
- Only use secure websites when entering your personal information online.
- Enable two-factor authentication on your bank accounts, email and social media accounts. It will ensure that a verification or authenticating text message is sent to your phone or email before access to your account is granted. This is probably one of the most effective steps you can take to protect yourself online.
While these measures are not 100% fail-safe, you will be in a far better position to protect yourself from cyber-attacks if one or all of them are utilised and implemented. If, however, you have any reason to believe that you may have fallen victim to any kind of scam which may compromise your bank or credit card details, then you must contact your bank and credit card provider without delay.
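The advice above to check the sender’s email address carefully can be partly automated. The following is an added example, not part of the original article: a Python check that flags the header signs of a spoofed “fake boss” email. The colleague list, addresses and domains (KNOWN_SENDERS, example-law.test and the two sample messages) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: display names of colleagues and the address each really uses.
KNOWN_SENDERS = {"jane smith": "jane.smith@example-law.test"}

def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw: str) -> list[str]:
    """Return reasons to distrust the sender of a raw email message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    warnings = []
    # 1. A familiar name shown in the inbox, but a different address behind it.
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and from_addr.lower() != expected:
        warnings.append(f"name '{display}' does not match address {from_addr}")
    # 2. Replies would go to a different domain than the one the mail claims.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        warnings.append(f"replies are redirected to {reply_addr}")
    # 3. No DMARC pass recorded. Only trust this header when it was added by
    #    your own receiving mail server, since a sender can forge the rest.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    if not re.search(r"\bdmarc=pass\b", auth, re.IGNORECASE):
        warnings.append("sender domain did not pass DMARC authentication")
    return warnings

# Constructed sample messages (not real mail).
FAKE_BOSS = (
    "From: Jane Smith <jane.smith@freemail.example>\n"
    "Reply-To: accounts-urgent@payments.example\n"
    "To: accounts@example-law.test\n"
    "Subject: Urgent payment needed today\n"
    "Authentication-Results: mx.example-law.test; dmarc=none\n"
    "\nPlease pay the attached invoice before 3pm.\n"
)
GENUINE = (
    "From: Jane Smith <jane.smith@example-law.test>\n"
    "To: accounts@example-law.test\n"
    "Subject: Team meeting\n"
    "Authentication-Results: mx.example-law.test; dmarc=pass\n"
    "\nSee you at 10.\n"
)

if __name__ == "__main__":
    for label, raw in (("fake boss", FAKE_BOSS), ("genuine", GENUINE)):
        print(label, "->", sender_warnings(raw) or "no warnings")
```

A message that raises none of these warnings can still be fraudulent, for example when the genuine account itself has been taken over, so an unusual payment request should still be confirmed by phone or in person.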
Author: Mark Everitt