Of all evenings for this to happen, Halloween…..

The boss is supposed to be on holiday but now he’s mailing you to insist you get some urgent payments made. What to do…? The internet seems to be running slowly, the noise from the kettle boiling sounds just a little too loud and now a black cat has wandered into the office…

At last, the payment has been sent – the boss will be happy and the day has been saved.

I say “saved”, but only if that email was genuine and the payments were authentic. Your view of the room skews, you can’t seem to balance, your legs won’t move……..until you awake, panicked and confused for a moment before realising it was all a dream.

Sadly, it’s not always a dream. A couple of variations on this theme are;

1 – the perpetrator will register a domain very similar to your own, e.g. where your valid domain is “mycompany.com”, they register “myconpany.com”
An email from your boss@myconpany.com may well, at first (and second) glance, not look out of place.

2 – Another technique is where the sender simply spoofs the address so the mail appears to have come from the correct sender. At the time you reply you may then see the actual destination is different – again, easy to miss.

It’s very easy to think you wouldn’t be caught in this way. Perhaps you have procedures in place, paper copies of invoices are always required, etc. but in the heat of the moment when the ‘wrong’ mail arrives to the right person on an off day the end result could be a four figure payment which cannot be traced or recovered after the event. It happens – we have had two separate clients have similar approaches made to them in recent months and, while both circumstances ended well, there are documented cases of big corporations getting caught out for some embarrassingly large sums of money.

In keeping with our advice in other articles on our site, have a degree of scepticism with emails in general. Always try to validate an email and its content and, when it comes to fulfilling payment requests, perhaps have a two step process which requires some additional validation beyond email.

I’ll leave you to ponder the above thoughts. Sleep soundly…………

Part of the “May contain nuts” series of short articles discussing familiar topics which we should all revisit once in a while.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

A Nightmare on Email Street….

Get in Touch

Follow us

Site Map

Sign up for IT tips to save you time, money and stress!