Criminal Law, Cyber Crimes, Cyber Law, Cyber Lawyer, Cyber Offenses / Contravention, Data Privacy, E-Commerce Fraud, Information Technology Act, Internet Fraud, Legal

Unsolicited Emails can be dangerous and can exist in your mailbox in form of a Spam mail, spoofed mail, bulk Emails and any other form of unwanted mails which can be suspicious in nature. In the digital world, not only the individuals but the corporate firms are also becoming victim of sophisticated scams operated via E-mails.

The awareness about the frauds and precautionary measures can help user in protecting the damage to the data and to get safe from monetary loss.

Fraudsters Intention to “trick” the end user

A fraudster may use several tricks to send a fraudulent Email to the target for eg: phishing, whaling, spoofing, masking and malvertising etc. However, the tricks when get ignored by the target or the end user, may turn into a fraud which may be:

• 419 Advanced Fee Fraud
• Fake President Scam
• Bogus business opportunities scam
• Bulk Mail Ponzi schemes
• Online Dating Schemes
• Secret Shopper schemes etc.

Proactive Measures- How to safeguard yourself from Unsolicited Emails

• Filter spam, know the sender. The fraudsters often use fancy or intimidating subject lines which will gather your attention. Thus, think twice and respond accordingly.
• Don’t trust unsolicited email, don’t reply immediately, verify the sender’s information.
• Do not share confidential information via E-mails in a Public Wi-Fi network.
• Treat email attachments with caution. Even if you get suspicious Emails from your known, check for sender’s information received by you along with the Email.
• Be aware of service providers’ policies.
• Don’t click unknown links in email messages.
• Install antivirus software and keep it up to date.
• Install a personal firewall and keep it up to date.
• Configure your email client for security. Enable Two-factor authentication in your E-mail account.
• Check the unsolicited Email’s Domain Keys Identified Mail (DKIM) signature in the Email header, to analyse the mail server or domain details of the sender.
• Check the Sender Policy Framework (SPF) in the Email and ensure the details of the authenticated sender of the mail. Further, whether the sender has passed or failed the SPF. Also, the sending IP address and the SPF validation will give you a very good sense of whether an email truly comes from the person purported to be sending it.
• If the mail if from a company, bank or government organization find their contact information on the web and contact them directly to see if the email is legitimate.

Reactive Measures- if you are a victim of E-mail Fraud?

Victim must take the first response and take proper actions listed below:

• Preserve the fraudulent E-mails in an E-mail backup file and report the fraud as it happens.
• If you suspect that your mobile device received a spoof, then you should wait until you have access to your laptop for more detailed verification.
• Change Password and de-link
  • all devices,
  • all accounts, and
  • applications linked to your compromised E-mail account.
• Place a fraud alert to the concerned authority.
  • Report the incident to the nearby police station/cyber cell in written giving details of the fraud.
  • Employees in a corporate firm must inform the (CERT) with appropriate details of the fraudster in the E-mails exchanged, so that they can take required actions
• In case of monetary loss,
• contact your bank,
  • keep the E-mails intact, and do not delete them.
  • Prepare a backup.
    • prepare an E-mail backup file (.PST) with the help of software utilities like Microsoft Outlook.
    • keep it safe without making any alterations.
• In case, an employee of a company has become a victim,
  • the CERT (Computer Emergency Response Team) of the company can intervene to identify the modus operandi of the fraud.

It may be a case that the cyber cell or the investigating officer has to approach Email service provider for getting the details of the fraudulent E-mail account operated by the perpetrator. A timely response (not later than 12 months) to the concerned authorities could be beneficial for the victim to recover from the loss and also it will help the police agencies to catch the fraudsters.