In some cases, cybercriminals may have managed to gain access to systems belonging to somebody that you know and trust or potentially they have spoofed their address (sending with the correct email address, but not actually gaining control of the person’s accounts).

This could be email, but just as likely it could be their social media accounts or any online system really. Using genuine accounts, the cybercriminal masquerading as your ‘friend’ may send you a link, or attachment extolling that you ‘must see this amazing…’ or some other hook.

These attempts are very hard to spot, and it would be really difficult to tell on the face of it whether the contact is genuine

Security tips

  • Where you receive an email that appears to be from someone you know, consider if the communication sounds right. E.g. Does your brother usually send you dramatic emails or cat videos? If not it’s unlikely he just started so ask him or just delete it, it can always be resent.

  • Hover your mouse over a sender’s name in the ‘from’ field or touch it on a tablet, it will come up with the full reply address which should be correct. If it isn’t it is likely a spoofed email. Delete it

  • Does the general body of the message feel right, if anything doesn’t read OK to you, pick up the phone and ask the sender (as you know them in this case) if it’s genuine. Checking is safer than being caught out.

Download-free-CyberSecurity-eBook-Quick-Guide-to-Today's-Cyber-Threats