Surviving an Email Attack

According to the FBI, business email compromises cost businesses $26 billion between 2016 and 2019.  This represents a serious threat to your business.

How do the scammers compromise your emails?

  • The bogus invoice scheme. With this, organizations using foreign suppliers are the target. The scammers appear to be a supplier who is requesting that funds are transferred to their bank account as payment for an invoice only the funds will end up in the scammers account.

  • CEO fraud. As in our example at the start of this article, an email appears to be sent from the CEO or some other senior executive. The recipient will be in a position to transfer money and will make the transfer to an account controlled by the scammers.

  • Account compromise. The email account of an executive, or sometimes an employee, is hacked and used to request the payment of invoices allegedly from any vendors who are listed in their email contacts. Of course, any payments sent to these vendors go to the scammers account.

  • Attorney compromise. With this, the scammers appear to be lawyers or sometimes people from the law firm who are in charge of crucial and confidential matters. If a company is involved in some kind of litigation or a takeover, it’s not unreasonable to hear from the trusted legal team. The email or phone call requests that money is transferred immediately for some crucial reason, but the bank details supplied belong to the scammers.

  • Data theft. Scammers love personally identifiable information (PII) about people and so will target employees working in HR or accounts. They will then try to obtain PII or tax statements of other employees and executives. Scammers will use this information in future attacks.

How do you protect your business?

  • Encrypt Sensitive Data
  • Establish Secure Internal Infrastructure
  • Invest in Training Your Staff
  • Establish Protocols for Accessing Data Remotely
  • Have a Password Policy in Place
  • Frequently Update Your Systems
  • Back-Up Thoroughly and Often
  • Implement Access Control Protocols

Knowing the areas of fraud prevention and establishing a robust cyber security program, will go a long way in protecting your business from email scams.

Source: ToolBox Security