Protect your business from common email scams

By: Daniel Offer

Date: 11 March 2011

There are many types of online fraud, but email scams are among the most prolific. Thankfully, many people are now more aware of online scams, but email fraud is still rife and it often targets small business. Here are two of the most common types of email scams:

1 Domain name expiry scam

Malicious fraudsters have now started targeting .uk domain names with falsified domain expiry warnings. Sadly, many of those who fall for this latest domain name con are small firms, largely because they do their own in-house IT management and are not fully au fait with some of the technical aspects involved.

Unscrupulous online criminals are manipulating this lack of knowledge. Many websites receive emails that warn of an imminent domain name expiry. A lot of small businesses, fearing they’re about to lose their domain name, pay extortionate fees to renew their domain unnecessarily.

The emails are usually called something like ‘Domain Registry Services’. They warn of an urgent renewal being required and will state the charge for a renewal. This charge will be much more than an average renewal. It will also be completely bogus.

Many small businesses don’t keep accurate records of when they bought or last renewed their domain name and they probably will not remember the original charge.  This is probably why this scam works so well. If you receive one of these emails and are in any doubt, contact (the .uk internet registry at

2 Phishing and password theft

Most small businesses tend to manage and respond personally to business emails and can become targets for this renowned, but effective, email scam. ‘Phishing’ is the practice of attempting to gather sensitive, protected information by persuading someone to enter their private details online. The most common form of phishing scam is the fake bank email.

Internet criminals clone an official bank email address or manipulate the recipient’s email inbox into believing the email has come from a trusted source. Often the sender of these emails will appear to be the real company. The email will often say that “owing to a recent security threat to the business’s account, to ensure there has been no fraudulent activity”, the business must log in to its account with its username and password.

The email will contain a believable login section that mimics the real bank’s website template. If the business owner enters their details, online fraudsters can access a business’s private accounts and steal money or make unwarranted transactions in the business’s name. Real banks will never ask for personal account information via email, of course.

Trust Your Instincts

Be cynical. If an email just doesn’t seem right – don’t open it. Then report it. Many email providers enable you to report spoof emails and phishing attempts. One of the best things a small business can do is use an email provider with high-end junk and spam filters. Many cheap web-hosting services provide email services, but their filtering software may be substandard. It may be prudent to invest in a reputable web host or use a generic email provider such as Gmail, Hotmail or Yahoo!. If you receive a domain expiry email, contact your domain name supplier. It’s that simple. They won’t take umbrage.

There are many more scams other than the two I’ve mentioned. Caution, common sense and a little bit of knowledge will go a long way towards reducing the likelihood you’ll fall for an online dupe.

Daniel Offer is a partner in the Facebook messaging application Chit Chat for Facebook