Watch Out for the Email Masquerade! A Quick Security Reminder
- Oct 7

Let's talk about a sneaky tactic scammers are using to disrupt business and trick even the sharpest people: Email Masquerades, specifically when they impersonate company executives.
Think of it as a digital wolf in sheep's clothing. You're focused on your work when an email lands in your inbox. The sender's name looks right—it's your CEO, your CFO, or another leader. The subject line screams "URGENT," demanding your immediate attention.
But hold on. Before you click reply or take any action, it's crucial to pause and look closer. Behind that familiar name could be an imposter trying to trick you into:
- Wiring funds to a fraudulent account: "We need to pay this new vendor's invoice immediately!"
- Sharing sensitive company data: "Send me the Q3 financial reports right away."
- Clicking a malicious link: "Review this important document I've shared."
These scammers are clever. They create email addresses that are almost identical to the real ones, hoping you're too busy to notice the subtle differences.
How to Spot the Fakes (and Not Get Fooled)

Even the most careful person can be caught off guard. Here are four simple checks to keep you and our clients safe:
Check the 'From' Address. Closely.
This is your number one defense. Don't just glance at the display name. Hover your mouse over the sender's name or tap on it to reveal the full email address. Is it jane.doe@yourcompany.com or something slightly off, like jane.doe@your-company.org or jane.d0e@yourcompany.com (with a zero instead of an 'o')? Any variation is a major red flag.
Listen for an Odd Tone & False Urgency.
Does the email's language feel off? Is it filled with unusual grammar or a tone that doesn't sound like your executive? Scammers love to create a sense of panic, pressuring you to act now before you have a chance to think it through. Real leaders rarely make high-pressure demands like this over a single email.
Question Unusual Requests.
If your "CFO" suddenly emails you with a request to buy a dozen gift cards for a client or asks for your personal login credentials, stop. Any request that falls outside of normal company procedures, especially those involving money or sensitive data, should be treated with suspicion.
When in Doubt, Verify Offline.
If an email feels even slightly suspicious, do not reply to it. Instead, verify the request through a different channel. Call the executive on their known phone number, send them a quick message on Teams/Slack, or start a new email thread using their address from your trusted contacts list. A quick, "Just confirming you sent that email about the wire transfer?" can prevent a major incident.
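For mail administrators, the first check can be partly automated. The following Python is an added example, not code from the original post: it flags a From header whose display name matches a known executive while the address is a different or look-alike one. The executive directory, trusted domain and character-swap table are assumptions constructed for illustration, using the sample addresses from the first check.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): trusted domain and executive directory.
TRUSTED_DOMAIN = "yourcompany.com"
EXECUTIVES = {"jane doe": "jane.doe@yourcompany.com"}

# Digits commonly swapped in for similar-looking letters.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(text):
    """Undo digit-for-letter swaps and drop punctuation such as '-' and '.'."""
    return "".join(ch for ch in text.lower().translate(SWAPS) if ch.isalnum())


def check_sender(from_header):
    """Return a list of warning tags for one From header value."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    findings = []

    # Display name claims to be an executive, but the address is not theirs.
    expected = EXECUTIVES.get(" ".join(display.lower().split()))
    if expected and addr != expected:
        findings.append("exec-name-mismatch")

    if domain != TRUSTED_DOMAIN:
        # Compare the labels before the TLD: your-company.org vs yourcompany.com.
        if skeleton(domain.rsplit(".", 1)[0]) == skeleton(TRUSTED_DOMAIN.rsplit(".", 1)[0]):
            findings.append("lookalike-domain")
    else:
        # Right domain, but mailbox imitates a real one: jane.d0e vs jane.doe.
        for real in EXECUTIVES.values():
            real_local = real.split("@")[0]
            if local != real_local and skeleton(local) == skeleton(real_local):
                findings.append("lookalike-mailbox")
    return findings


if __name__ == "__main__":
    for header in (
        "Jane Doe <jane.doe@yourcompany.com>",
        "Jane Doe <jane.doe@your-company.org>",
        "Jane Doe <jane.d0e@yourcompany.com>",
    ):
        print(header, "->", check_sender(header) or "ok")
```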
Stay Sharp, Stay Secure
By staying vigilant, you're not just protecting your own inbox—you're protecting our entire organisation and the clients who trust us. If you spot a suspicious email, please report it to IT immediately.
Let's work together to keep the impostors out and our business secure.




I had an email from SARS with all the right logos and SARS credentials but the email sender looked weird… it was a phishing attempt even though it looked like it was from SARS. Thanks to SIGNA IT it was detected as phishing and deleted…