Scam Emails… Without Links?

19th January 2022

Ever seen an email that looks suspicious off the bat, but doesn’t contain any links? Don’t be fooled, this is intentional… A new method of scamming is sending seemingly legitimate emails without a malicious link, but it’s not as safe as it seems, keep reading to find out why.

What do I need to look out for?

Seemingly normal emails from companies we all most likely use (banking, PayPal, etc…) but often strange email contents. Usually driven by a sense of urgency to provoke you to take action, and as there is no link it doesn’t seem too suspicious, right? 

Here’s how you can read the fine print to determine if this is real or a scam:

Are attachments malicious?

Links aren’t the only thing to look out for, attachments can be infected too with malware. Without clicking on any links you can still be compromised by simply opening attachments that will unleash the malware and can start infecting your device.

Astaris always recommends taking the precautions mentioned above before clicking on any link, file, or attachment.

What effect does it have on a business?

Unfortunately, businesses are a great target for organised crime. They are often able to charge more for ransom and the data they can gain access to are often a lot more valuable so therefore they are more likely to be targeted.

A report from Datto done in 2020 suggests that 84% of SMBs ‘should be very concerned’ about the risk of ransomware, but only 30% are actually ‘very concerned’.

What effect would it have on your business if you did fall victim to a ransomware attack? 

Even if you do not end up paying the ransomware fee, the average cost of downtime to a business as a result of an attack in 2020 was almost 50 times greater than the money requested for ransom!

The average cost of a ransom in 2020 was $5,600 compared to an average downtime cost of $274,200. So it’s not just the ransomware fees you need to think about when it comes to protecting your business.

But keeping your business safe is challenging unless you know how, 50% of SMEs increased their IT security budget in 2020 and almost half have partnered with a managed security service provider like Astaris.

What do managed security service providers do?

Having your IT security managed by professionals takes the stress out of the equation for a business, and ensures you are at a much lower risk of falling victim to an attack, and if something does slip through the cracks, your data remains protected. 

A managed security service provider can put technology in place to filter and refine the mail that enters your email, specifically filtering out any spam that may include malicious links or documents. This method of protection can cost as little as £0.54 per week (not too bad compared to the potential cost of ransom or downtime).

If in the rare event you did fall victim to attack and your files and data were being held here are some of the most commonly used recovery methods:

Next steps…

If spam and ransomware are something you feel you have not taken precautions against, it’s definitely worth looking into. 

There are specific industries that are more likely to be targeted (this list contribute to 35% or more of ransomware attacks) and these include (in order):

So if your business is a bank of data, you should consider ways to keep it safe! 

Here’s how Astaris can protect your business and its data

Astaris provides employee training from KnowB4, a certified training provider that will help your employees to more easily identify suspicious emails.

To prevent these emails from entering your or your employee’s inbox in the first place, email and spam filters will be put in place. As an additional measure, antivirus and anti-malware software will also be installed.

Astaris will also remotely manage your email and inbox around the clock to ensure your business is safe.  

So take the steps today your data and your business is safe!


The specific attack this week?

Email that looks very much like it comes from PayPal, telling you that you have bought  $1200 of crypto-currency.

But there aren’t any links in the email. So nothing to click, nothing for a spam filter to check and mark as dodgy.

So what is the danger?

The telephone number that is included innocuously in the email to report any problems / raise queries for the transaction.

If you were to call it, some nice person would answer the phone as “Good Morning, PayPal. How can I help you?”.

They would, no doubt, ask you for log in details, your credit card number etc – just to “locate” the transaction.

Except it wouldn’t be PayPal that you’d be calling. It’d be a fraudster.

And you’d have given over all your information, because, after all – you were careful and didn’t click any links right?