
The dangers of email fraud and tactics you can use to avoid it

Email fraud is becoming more dangerous. This form of cyber-attack has been around for many years, but with the rise of remote working it is becoming more prevalent and more effective. Without due diligence it is incredibly easy to fall victim to these attacks, and because of the communication difficulties caused by the pandemic, fewer people are reporting suspicious activity.

The dangers of email fraud are potentially unlimited. Depending on the cyber-security processes that your business maintains, there is a huge amount that can be lost. The average attack costs $80,000 to recover from, and SMEs are currently targeted as much as larger businesses. The way to prevent email fraud attacks is simple, but it requires your whole team to be trained in how to spot them. At Biscuit we’ve spent years training businesses in what to look out for, meaning we’re in the perfect position to provide advice. Here is our guide to the dangers of email fraud and how to avoid it.

The dangers of email fraud

There are 3 types of spam email that can potentially cause serious problems for businesses. These include:


Phishing

These attacks are probably the most well-known and have been massively on the rise over the past 18 months. Phishing emails are centred around tricking your staff into giving up sensitive information such as passwords or customer data. There’s no hacking involved, just criminals trying to look convincing enough to gain information from your staff.

This is done by posing either as a member of your team or as a trusted company such as your bank or your telecoms or energy provider. Criminals even pose as well-known businesses such as Google. These emails will usually be from an address that isn’t quite right, could have incorrect grammar and may pretend to be a security alert. They will then usually contain a link, which is how the criminals will access your data.


Ransomware

This is perhaps the most damaging form of attack that can come from your inbox. As with phishing, the attack is carried out in the same way: encouraging your staff to click a link by posing as a trusted sender. The difference with ransomware is what happens afterwards.

Instead of simply stealing your usernames, passwords or financial data, ransomware installs software onto your device that completely locks it. Whether this attack affects only one device or compromises your entire network can vary, depending on the attacker and any air gaps in your IT network. Either way, ransoms typically cost in the range of 6 figures. The costs of removing the malware from your system are also in this region. It’s a lose-lose situation.


Spyware

Far more subtle than the other two attacks mentioned here, spyware can have the same effect of costing your business thousands. Spyware is once again installed onto your network in the same way: by posing as a legitimate email and encouraging your staff to click a malicious link. The difference with spyware is that you likely don’t know that you’ve installed anything.

Once spyware has been added to your network, it automatically looks for exposed passwords, customer data and financial information. This data is tracked and sent back to criminals who can then use this data to siphon money or valuable customer information away from your business.

All of these forms of attack can be devastating to your business. Here are some of the ways that you can prevent your team from falling victim to them:

Spam Filters

Spam emails used to be unwanted ads and offers. Now sophisticated attacks make them a genuine threat to your business. Your managed IT provider should be able to equip your network with a spam filter that blocks the vast majority of unwanted mail or at least sends it to your junk folder.

If you aren’t currently equipped with a spam filter, we can help to provide one as part of our cyber-security service. No filter is 100% effective though, and this is where other measures shine.

Remote monitoring

Keeping an eye on each of your devices sounds like a monumental task, especially if you’re a larger business or have a remote working plan. A remote monitoring service helps you to stay on top of every device and react before an incident occurs.

At Biscuit we offer a 24/7 monitoring service that keeps track of every device on your system, not only acting in conjunction with anti-virus services to prevent malware from being installed, but also alerting you to irregularities on your network that could indicate that individual devices have been compromised.

IT Training

You might be reading this article and thinking, “I know how to spot a fake email, it’s obvious!” It might well be to you. You’re reading this blog on the website of an IT company, but is it obvious for your entire team?

Our IT training services use the expertise we’ve developed in-house to help bring your staff up to speed. From cyber security training to training for all your tools, we’ll help you make the most of your technology.

If any of these services interest you, or you want to find out more about cyber-security, get in touch with our team at 01924 241 281 or visit our website.