1985 to 1989, in my teen age memories, Karamchand and Kitty are indelible. The Karamchand effect was evident, each conversation with my sister started with a carrot bite and ended with a “Shut Up Kitty”. Today, I feel like “the Karamchand” for SMEs, writing about decoding the email frauds.
In last three years, menace of email frauds has left SMEs completely unguarded. I hope to decode it for my wonderful SME laymen entrepreneurs.
On silver screen, it has almost caught every great film maker’s imagination. Be it Adaptation (Nicholas Cage), Parent Trap (Linsay Lohan), Bow Finger (Eddie Murphy), Double Impact (Van Damme), Man in the Iron Mask (Leonardo DiCarpio) or be it Don (Amitabh Bachhan),Angoor (Sanjiv Kumar), Chaalbaz (Sridevi).
Here, the fraudsters steal your identity. They somehow gain control on your email communication and deal with your parties as if you are dealing. They send emails on your behalf, reply emails on your behalf. You come to know about it only when your customers follows up for the consignment for which they have paid to you and you have not received it.
They could be your existing employee, ex-employee, competitor or a professional hacker.
They can advise your customers to deposit payment in fake accounts, or they can send deal-breaker quotations / terms to your prospects faking as you only, or they can attend your inquiries by giving competitive proposals. All that the customer or prospect will think is, It’s you. They can even give irresponsible answers to your customers or prospects, who will never return to you.
How can someone steal your identity and gain control over your email id?
A displeased employee, or an ex-employee who knows the passwords of email system may share it with capable competitors who can exploit the access of your email systems. Or one can set auto forwarding of your emails on third party. Or one can keep sending sensitive information by email using personal or corporate email id. Or one might keep sending Blind Carbon Copy of important information / data to exploiters.
The exploiter sends you an email with plant. This plant in the attachment gets installed on your computer and your key strokes are sent by the plant to the exploiter who would know your email password and exploit it.
Precautions
The exploiter send you an email with swapped identity. E.g. you have stored my name as Vishal Shah vishal@synersoft.iniin your address book. Most of us have kept automatic saving of new address in address book. When we compose new email, we normally write first 2-3 characters of name of the person and email interface shows you email ids which you may select. Now, let’s say you receive an email from Vishal Shah vishal@exploiter.in, auto saving option of address book will save it also. Now when you compose email to me, you may type vishal and promptly it will suggest vishal@exploiter.inand you may select it. And the fraud starts. In your sent items, it will show as Vishal Shah only unless you dig into email id.
Precautions
The exploiter may register a domain which looks same as yours. e.g. if your email id is on bhavaniindia.com, they might register bhavanindia.com or they might register bhavaniindia.in or bhavanindia.co.in and start communicating with your customers. And the fraud starts.
Precautions
Exploiter may intercept your data exchange on Internet and get your passwords you submitted to your web hosting server.
Precautions
A small step of caution will prevent fraud and save you from financial loss or competitive exploit.