Summer time is scam time
Over the summer, many of us are on holiday and staffing levels are lower than usual. Cybercriminals know this, which is why the summer is often peak season for internet scams. It’s important we are extra vigilant with the emails we receive over the holiday period.
It’s summer, and soon most of us will be heading off on holiday. This is something cybercriminals will try to profit from. Every summer, there is an increase in phishing attempts, fake invoices and CEO fraud, which is when scammers send fraudulent emails or texts purporting to be from your boss on vacation.
AU Accounts was recently the target of invoice fraud, when it received a forged invoice that appeared to come from a real company. On the surface, everything looked fine – but the account number was wrong.
This was discovered in time when AU Accounts contacted the company, who revealed they knew nothing about the invoice. The attempted fraud has now been reported to the police.
Anyone can be the victim of fraud
“This isn’t new for us. Every time there is a holiday we see an increase in this kind of scam trying to con AU out of money,” says Lise K. Mortensen, team leader for Accounts Payable in AU Accounts.
She explains that the episode has given rise to an increased focus in AU Accounts on how to spot false invoices and similar fraudulent documents.
Thomas Kaaber, head of information security at AU, also recognises that phishing, CEO fraud and other types of cybercrime are more prevalent and targeted at individual employees in all types of jobs when the holidays are just around the corner and managers may already be away. He encourages staff to be extra vigilant with the emails they receive over the next few weeks.
“It’s about spotting things that are different from normal. Perhaps the wording in the text is different, or perhaps the email asks you to do something you don’t usually do,” says Thomas Kaaber.
One in five fell into the trap
In spring this year, the information security department at AU carried out an internal phishing awareness campaign, during which staff were sent an email with a false phishing attempt. One in five members of staff clicked on the link in the email, and only one in ten reported the phishing attempt correctly in Outlook.
“This is a testament to how cunning and clever cybercriminals are and we need to raise awareness of phishing and cybersecurity. It can happen to anyone if you’re caught off guard and the best way to combat phishing is to share our experiences with each other so that we raise our awareness,” says Thomas Kaaber.
Count to ten and spot a scam
Scam emails will often be framed as an urgent situation that requires you to pay an invoice or click on a click, which is harmful. So it’s important that you are critical of the emails you receive and that you count to ten before clicking on any links or opening any attachments.
Although the people who send phishing emails and other scam emails try to conceal themselves, there are a few things you can look out for:
- Check the email address of the sender. Cybercriminals often send from domains that look legitimate at first glance. For example, ‘@uniau.dk’ instead of ‘@au.dk’ or ‘postnord.org’ instead of ‘@postnord.dk’.
- Look out for spelling errors or unusual wording. Scam emails are often machine translated from a foreign language, but as AI tools become more widespread and advanced, it’s also more difficult to spot mistakes.
- Keep your information secure. No real company or authority would ask you to hand over sensitive information like your AUID or your bank account in an email.
It is easy to report scam emails in Outlook –
.Reporting phishing emails is an important part of our efforts to protect staff at AU from cybercrime.
.