In Emergency Situations
04 Feb, 2025

SUBJECT: Fraudulent acts committed through e-mail communications and the measures that can be taken against these offences


EXPLANATIONS:

As you are aware, the number of fraud offences committed via e-mail has increased and they have begun to appear in various forms. One of the most effective methods of e-mail fraud, and the most difficult for the victim to recognise because of the trust involved, is to infiltrate the e-mail chain between the customer and the business owner. Frequently today, while the customer and the business owner are in contact via e-mail, fraudsters using the passwords of the e-mail system step in at the money transfer stage, provide the victim with their own IBAN information and complete the offence.

This information note addresses these fraud methods and the measures that can be taken to prevent them.

1. Cloning

Clone e-mail attacks use e-mails that copy an already-sent e-mail containing a link or attachment. Attackers create a clone of the official e-mail and replace the safe link or file with malicious files or attachments. This is very difficult for the user to recognise, so in such mails it is very important to carefully examine the sender's address, look at the previous mails from the address that reached you and compare them.

While you are already in e-mail communication, you receive an e-mail that appears to have been sent by the system administrator or by a person in the e-mail chain; you are informed that your personal information needs to be updated, and you are prompted to enter your details again and submit them. In this case, you should click on the name from which the e-mail came, match the e-mail address with the name, and confirm it against previous mails. Sample image is as follows.

It should be noted here that the e-mail may appear to be sent from an address with a conventional extension, but when you look at the sender section you can see whether it comes from a different account, and in this way confirm the e-mail. If you are not sure who the e-mail is from, please ignore it. If you are faced with such a situation, do not reply to the e-mail before contacting the organisation and verifying its authenticity. Also, if there is a file attached to the e-mail, it should not be opened without scanning it with an antivirus programme; you must take into account that many file types, including PDF and Word, may contain malware.

2. Spear Phishing

The spear phishing method is usually used in e-mail attacks against companies or a specific person. By using the private information of the targeted person, the fake e-mail is made to appear real. In such e-mails, the attackers can prepare a very convincing message with details including the person's real name, where he/she lives, occupation, friends and other information. The point to be careful about here is to ask why someone who has such detailed information about you has made such a request; if possible, confirmation should be obtained by telephone, in particular before the stages of transmitting personal data and/or making a payment.

3. Password Phishing

Password phishing is a type of online attack in which fraudsters send e-mails to random user accounts. The e-mails appear to be sent from known websites or from the user's bank, credit card company, e-mail or internet service provider. Usually, personal information such as a credit card number or password is requested so that accounts can be updated. These e-mails contain a URL link that redirects users to another website. This site is actually either a fake or a modified website. When users enter this site, they are asked to enter their personal information, which is forwarded to the person carrying out the password phishing attack.

Password phishing is generally used to learn a person's password or credit card information. With the help of an e-mail pretending to be from a bank or an official institution, computer users are redirected to fake sites. For password phishing attacks, fake web pages are prepared for banks, social networking sites, e-mail services, online games, etc. Here, the computer user's identity information, card number, password, etc. are requested. The information of users who comply with the requests in the e-mail message and on the fake site is stolen.

The fraudster creates a look-alike of the institution's web page and sends you an e-mail that asks you to update your information through a link in it. The aim is to redirect you to the fake page and steal your information. When you click on the link, you will be taken to an address similar to that of, for example, a social media page. If you enter your information without paying attention, your information will be in the hands of hackers.

In this kind of situation, what you need to do is definitely not to click on the site links that come in the e-mail. If you are confronted with such a situation, do not click on anything in the e-mail before contacting the other party, and please do not reply to the e-mail until its accuracy has been confirmed.

4. Interception in Mail Chain

In this method, called interception in the mail chain, the attackers first hack into the e-mail accounts of the targeted companies and monitor their correspondence. They follow conversations and carefully read business correspondence. When they detect a transfer of a large sum of money, they analyse the e-mail address of one of the parties, forge a letter in it and open a new e-mail account. With this e-mail account, the attackers intercept the e-mail chain and share their own bank details. Accordingly, the accuracy of the account information to which the money transfer will be made should be confirmed through different channels.
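The comparison recommended in sections 1 and 4 (match the sender's address and name against previous mails) can be automated. The following is an added example, not part of the original note; the function names, the edit-distance threshold of 2 and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, known: dict) -> str:
    """Compare a From header with correspondents seen in previous mails.

    known maps each trusted address (lower case) to its display name.
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in known:
        return "known"
    # An address one or two edits away from a trusted one: a forged letter.
    for good in known:
        if edit_distance(addr, good) <= 2:
            return "lookalike of " + good
    # A familiar display name placed on an unrelated address.
    for good, good_name in known.items():
        if name.strip().lower() == good_name.lower():
            return "display name of " + good + " on a different address"
    return "unknown"

# Constructed sample data (reserved .example domains).
KNOWN = {
    "ayse.kaya@supplier.example": "Ayse Kaya",
    "finance@buyer.example": "Buyer Finance",
}

if __name__ == "__main__":
    for header in (
        "Ayse Kaya <ayse.kaya@supplier.example>",
        "Ayse Kaya <ayse.kaya@suppl1er.example>",
        "Ayse Kaya <a.kaya1987@freemail.example>",
    ):
        print(header, "->", check_sender(header, KNOWN))
```

A "known" result only means the address matches; if that mailbox itself has been hacked, the out-of-band confirmation of the account details is still required.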

Following our explanation of the methods used by fraudsters, we will provide general information about the precautions that can be taken.
Our recommendations are as follows.

  • When negotiations carried out via e-mail reach the payment stage, the accuracy of the IBAN number can be confirmed verbally (by telephone, etc.) before the IBAN information is sent; once this is provided, the IBAN information can be shared via e-mail and the payment can be made.
  • If it is known that the payment stage will be started as a result of the negotiations carried out via e-mail, a code can be determined between the parties beforehand, externally by telephone or other means, and the relevant code can be added to the end of the e-mail in which the IBAN is notified.
  • Since QR code creation has become quite easy nowadays, a QR code can be created and shared externally between the parties; adding this QR code to the end of the e-mail in which the IBAN information is sent makes confirmation possible.
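The agreed code from the second recommendation can also be tied to the IBAN itself, so that a mail carrying a swapped IBAN fails the check even if it copies a code from an earlier mail. This is an added example that goes beyond the note's fixed code; the HMAC construction, the function names and the sample secret are assumptions, and the secret must be agreed by telephone, never in the e-mail chain.

```python
import hashlib
import hmac

def normalise_iban(iban: str) -> str:
    """Remove spaces and upper-case the IBAN."""
    return "".join(iban.split()).upper()

def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 check; catches typing errors, not a swapped account."""
    s = normalise_iban(iban)
    if len(s) < 5 or not (s.isascii() and s.isalnum()):
        return False
    rearranged = s[4:] + s[:4]  # country code and check digits go last
    digits = "".join(str(int(c, 36)) for c in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1

def confirmation_code(secret: str, iban: str) -> str:
    """Short code derived from the phone-agreed secret and the IBAN."""
    mac = hmac.new(secret.encode(), normalise_iban(iban).encode(), hashlib.sha256)
    return mac.hexdigest()[:8].upper()

def verify_iban_mail(secret: str, iban: str, code_in_mail: str) -> bool:
    """True only if the IBAN is well formed and the code matches this IBAN."""
    expected = confirmation_code(secret, iban)
    return iban_checksum_ok(iban) and hmac.compare_digest(
        expected, code_in_mail.strip().upper())

# Constructed sample values: a standard example IBAN and a made-up secret.
SECRET = "agreed-by-phone-7391"
REAL_IBAN = "TR33 0006 1005 1978 6457 8413 26"
OTHER_IBAN = "GB82 WEST 1234 5698 7654 32"  # stands in for a swapped account

if __name__ == "__main__":
    code = confirmation_code(SECRET, REAL_IBAN)
    print("code appended to the genuine mail:", code)
    print("genuine mail accepted:", verify_iban_mail(SECRET, REAL_IBAN, code))
    print("swapped IBAN accepted:", verify_iban_mail(SECRET, OTHER_IBAN, code))
```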

When the applications made to the General Directorate of Security and the examinations carried out are analysed, it has been understood that the method of interception is used. We recommend that, in each incoming mail, you confirm the e-mail address, the name that appears when you click on the e-mail address and the e-mail signature information and, if possible, that you secure yourself by taking the measures we have listed above.

 

Esenyel Partners | Fraudulent acts committed through e-mail communications and measures to be taken against these offences