Four Types of Email Cons Using Social Engineering


Posted by Charles Killmer - Netgain’s Security Officer on Apr 7, 2016 2:23:19 PM

Social engineering is the psychological manipulation of people in an effort to have them perform actions or divulge confidential information, and it is a major security issue. For centuries, con artists have used this method to gather confidential information for criminal use. In the modern world, the con artist has additional tactics, including the installation of malware.

Email has made the con artist’s job much easier. This article discusses four different types of email cons that individuals must be wary of.

  1. Email coming from a credible-looking address
    Many attacks display a “from” email address that looks legitimate. This is commonly used with companies such as FedEx or UPS as the sender. To avoid disaster, if you receive an email with a tracking number, never click on the link or open the attachment that the email provides. It’s always best to copy the tracking number and go to the website directly.
  2. “From” name is correct but the “From” address is hidden
    It becomes more difficult to detect whether an email came from a con artist when the email address is not shown. If the email is asking you to do something, call the person who sent the email to confirm the email actually came from them. Never click on the link or open the attachment that the email provides if the email has a hidden address.
  3. “From” name is correct but the “From” address is wrong
    One method to motivate a recipient to do something is to get them to think that the email is from their boss or the CEO. The email will show the contact’s name; however, looking closely, one will notice that the email address behind the name is wrong. In this situation, you’ll again want to call the actual person to confirm they sent the email. Unless you get confirmation from the contact, never click on the link or open the attachment that the email provides.
  4. “From” name is correct and the “From” address is correct
    Sometimes the con artist’s email even shows the correct email address. However, upon clicking reply, the email address changes to one controlled by the attacker. Again, always confirm requests by calling the person first before clicking on the link or opening the attachment that the email provides.
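
Cons 3 and 4 both leave traces in the message headers that a mail filter or a curious recipient can check. The following is an added example, not part of the original post: it flags a known display name paired with the wrong address, and a Reply-To that points at a different domain than the From address. The contact directory, sample messages and domains are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory of real addresses, keyed by display name (assumption).
KNOWN_CONTACTS = {"pat example": "pat.example@example.com"}

# Constructed sample messages; all names and domains are placeholders.
SAMPLES = {
    "wrong_address": (
        'From: "Pat Example" <pat.example@mail-example.test>\n'
        "Subject: Wire transfer\n\n"
        "Please send it today.\n"
    ),
    "reply_redirect": (
        'From: "Pat Example" <pat.example@example.com>\n'
        "Reply-To: pat.example@mail-example.test\n"
        "Subject: W-2 forms\n\n"
        "Reply with the forms.\n"
    ),
    "clean": (
        'From: "Pat Example" <pat.example@example.com>\n'
        "Subject: Lunch\n\n"
        "Noon?\n"
    ),
}

def domain(addr):
    """Return the lower-cased part after the last '@'."""
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return the list of warning flags for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Con 3: a known name shown in front of an address that is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # Con 4: replies would go to a different domain than the sender's.
    if reply and domain(reply) != domain(addr):
        findings.append("reply-to-differs")
    return findings

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_headers(raw))
```

A flag here is a prompt to confirm the request by phone, not proof of fraud; some legitimate senders also use a Reply-To on another domain.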

There are several common requests con artists make of recipients. These include asking the recipient to send a wire transfer to an account, requesting the recipient’s W-2 forms, or including links and attachments to click or open. There can be major consequences that result from following through on the con artist’s requests. It could open up your device to malware installation, or worse, the loss of money from a tax refund fraud.

Final Thoughts

Email is an amazing tool; unfortunately, it is easily forged. It’s important to understand that con artists are out there, and that you simply cannot rely on the validity of the displayed “From” address. This is especially true when the person is asking for confidential information, or includes links or attachments. As humans, we are naturally trusting beings, but there are some people that will take advantage of that trust any way they can. Be cautious, be careful, and don’t click too quickly.

If you wish to learn more about social engineering and the different types of email cons, please don’t hesitate to give me a call. I am more than happy to provide you with additional information.

Charles Killmer
Security Officer
877.797.4700 x107



Topics: email cons, social engineering
