Have you, a colleague or a friend ever received a suspicious email? It is of paramount importance to know how to report email fraud in order to avoid all the unpleasant consequences that might come from it, especially if we’re talking about the compromise of your business email – revenue loss, data breach, reputation damage, maybe even your dismissal. 

What Is Email Fraud?

Email fraud, or an email scam, is the use of email to intentionally deceive another person for personal gain or to harm them. Some of the most common forms of email fraud are phishing, spoofing, and Business Email Compromise (BEC). Let’s take a closer look at each of these email-based attacks:


Phishing is a malicious technique based on deception, used to steal sensitive information (bank account details, credit card numbers, usernames, passwords, etc.) from users. The attackers pretend to be a trustworthy entity (usually by copying the look and feel of a big brand) to trick the victims into revealing their confidential data.

If a phishing attack is successful, it means that malicious third parties managed to gather private data. The stolen information is then sold or used to commit financial theft or identity theft. Hackers also leverage it to gain unauthorized access to the victim’s accounts and create an opportunity to blackmail them for various benefits.

Most phishing scam emails appear to be from financial institutions, online retailers and services, social networks, government agencies or even from a colleague or a friend. The phishing email might even include photos and information from a legitimate website. 


Email spoofing is a tactic designed to collect private information and data from online users, take over their online accounts, deliver malware, or steal funds. According to some studies, targets usually tend to open an email that appears to be genuine and from a trustworthy sender.

In email spoofing, attackers can make it seem like an email was sent by a familiar person such as a colleague, partner, or manager. Spoofing is the process of manipulating the From: field to create the impression that the email is coming from a certain individual.

Spoofers can sometimes create an email address that seems authentic by replacing just one or two letters in a company name, such as “Arnazon” instead of “Amazon,” or other letter switches that are difficult to notice.

Spoofed emails, for the most part, are either deleted or redirected to the spam folder. The problem starts when a victim is tricked into opening an email and clicking on the malicious link that installs malware into their system.

Business Email Compromise 

Business Email Compromise (BEC) is a type of targeted scam in which an attacker impersonates a company executive or high-level employee with the intent of defrauding or extracting sensitive data from the company or its partners. The end goal of a BEC fraud is to persuade the target to make a money transfer or send sensitive data to the attacker while believing they are executing a legitimate and regular business operation. Attackers achieve this by using various manipulation techniques to trick users into providing money or data.

How to Recognize a Fraudulent Email?

Want to know exactly what to look for in an email fraud? Below are a few signs that indicate that the email you received is suspicious and should be reported: 

  • the email does not contain your name or there is a blank space where the name should be
  • the email contains spelling or grammar errors
  • the sending email address looks garbled or does not match the company name
  • the images, colors, and branding in the email do not match the official website
  • the email contains a request from a company you haven’t interacted with before
  • you receive a delivery notice you did not expect
  • you are notified that you received a prize from a competition you did not enter 
  • you receive urgent requests for money 
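
The sender checks described above (the "Arnazon" letter swap and a sending address that does not match the company name) can be automated. This is an added example, not code from the original article or from Heimdal; the trusted-domain list, the character-swap table and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this mailbox legitimately receives mail from (constructed list).
TRUSTED = ("amazon.com", "example-bank.com")
# Letter swaps that are hard to spot at a glance, e.g. "rn" rendered like "m".
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse look-alike character sequences to one canonical form."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return (finding, trusted_domain) pairs for the From: header of a raw message."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return []  # exact match; a forged real domain needs SPF/DKIM/DMARC checks
    findings = []
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good):
            findings.append(("lookalike", good))       # e.g. arnazon.com
        elif edit_distance(domain, good) <= 2:
            findings.append(("near-miss", good))       # one or two letters changed
        if good.split(".")[0] in display.lower():
            findings.append(("display-name-mismatch", good))
    return findings

# Constructed sample messages (not real mail).
SPOOFED = 'From: "Amazon Support" <orders@arnazon.com>\nSubject: Action required\n\nHi'
GENUINE = 'From: Amazon <orders@amazon.com>\nSubject: Your order\n\nHi'
TYPO = 'From: Billing <billing@amazom.com>\nSubject: Invoice\n\nHi'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE), ("typo", TYPO)):
        print(name, check_sender(raw))
```

An empty result only means the From: domain is on the trusted list or resembles nothing on it; a message that forges the exact trusted domain passes this check and has to be caught by SPF, DKIM and DMARC validation at the mail gateway.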

Prevention Methods

How can you avoid identity theft and sharing personal information with the wrong people? Be extra careful when it comes to the cybersecurity of your system and email accounts:

  • Use security software and keep it updated. 
  • Regularly update your mobile phone to make sure you’re avoiding security threats. 
  • Protect your email accounts with multi-factor authentication.
  • Don’t forget to back up your data, both from your computer and from your phone. Think of using an external hard drive or cloud storage.
  • Avoid clicking on a link or opening an attachment in unsolicited or suspect emails and do not give out personal information. 
  • Train your employees – every employee in your company must know about the dangers of email fraud, how to recognize it and how to proceed if they have suspicions. 
  • Implement a strong email security solution. 

How to Report Email Fraud

If you have discovered an email scam, there are various ways to report it. 

  • if your business email address has been compromised, you can forward the suspicious email to your IT admin or cybersecurity team and tell them your concerns. 
  • if you notice someone sending emails in the name of a specific company, reach out to that company. Forward them the questionable email and let them know about the scam. 
  • forward the phishing emails to the U.S. Federal Trade Commission’s Anti-Phishing Working Group (APWG) at reportphishing@apwg.org or
  • notify the Internet Crime Complaint Center (IC3).
  • report scams to your state consumer protection office.
  • report Social Security Administration imposters online to SSA’s Inspector General. Call 1-800-269-0271 (10:00 AM – 4:00 PM, ET). 
  • report IRS (Internal Revenue Service) imposters to the Treasury Inspector General for Tax Administration (TIGTA), at 1-800-366-4484.


If you have received a suspicious email on Gmail, you must know that “when you manually move an email into your Spam folder, Google will receive a copy of the email and may analyze it to help protect our users from spam and abuse.” 

If you want to specifically mark an email as phishing, open the message, click on the More button next to Reply and click Report phishing. 

How Can Heimdal™ Help?

Installing email security software is a great plus for any business email security strategy. With that in mind, Heimdal has developed two email security products aimed against both simple and sophisticated email threats:

Heimdal Email Security is more than a regular spam filter: it is a cloud and on-premises email protection solution, mixing Office 365 support with proprietary e-mail threat prevention that detects and blocks malware, spam emails, malicious URLs, and phishing attacks. Every email is scanned for impersonation, data leak risks, and more. Also, file attachments are scanned by default and blocked if the contents are marked as suspicious.

Heimdal Email Fraud Prevention is the ultimate email protection against financial email fraud, C-level executive impersonation, phishing, insider threat attacks, and complex email malware. How does it work? By using over 125 vectors of analysis and being fully supported by threat intelligence, it detects phraseology changes, performs IBAN/Account number scanning, identifies modified attachments, malicious links, and Man-in-the-Email attacks. Furthermore, it integrates with O365 and any mail filtering solutions and includes live monitoring and alerting 24/7 by our specialists.

Together, the two solutions can work to stop and flag down every type of malicious email communication there is, including the carefully created emails coming from a previously trusted compromised email address.


The integrity of your email accounts is crucial – once they gain access, cybercriminals can obtain personal information, your social security number, details about your bank account or credit card, phone numbers, addresses, etc. For this reason, it’s important to protect your accounts and to know how to report email fraud.

Always do your best to discourage cybercriminals, either by prevention or by reporting their malicious acts! Also, please remember that Heimdal™ Security always has your back and that our team is here to help you protect your home and your company and to create a cybersecurity culture to the benefit of anyone who wants to learn more about it. 

Drop a line below if you have any comments, questions, or suggestions – we are all ears and can’t wait to hear your opinion!
