Email fraud, or intentional deception via email for personal gain or to damage a corporation, continues to be a difficult problem for area businesses.
Statistically, the most successful email fraud sites have a 45 percent conversion rate at getting people to turn over information. Scams earn big paydays for cyber crooks because email is an inexpensive vehicle for fraud.
This year the FBI reported $1.2 billion in losses due to business email scams.
Business email fraud attempts are highly sophisticated, well-researched attacks designed to trick well-meaning employees. The ploys work in part because employees are helpful by nature and the individual engaging your employee will often be seeking assistance in a hurry.
Innate curiosity is another reason the employee fails to recognize these tricks. The fraud perpetrator crafts an email that entices employees to click malicious links. Multitaskers beware: Email fraud works against those employees not fully attending to the task at hand.
Email fraud has many varieties, but the big payoffs typically happen through CEO schemes. CEO email fraud is an attack vector where cyber criminals spoof or hijack the email account of a C-level executive. The hacker gains entry to the corporate email system and watches how employees typically communicate. Spoofed emails are then sent using first names or nicknames and closely resemble a typical email between employees.
Commonly the spoof happens while the executive is travelling, and the target employee is tasked with wire-transferring a large sum of money. The emails appear legitimate, with wire instructions closely resembling the instructions the company would expect to receive. Once the money is transferred, banks have few ways to recover it.
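As an added illustration, not part of the original column, the checks below flag the travelling-CEO wire-request pattern just described when run over two constructed sample messages; the company domain, the executive directory and the wording patterns are assumptions for the demo:

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for the demo: the company's real domain and a directory of executives.
COMPANY_DOMAIN = "example-corp.com"
EXECUTIVES = {"pat smith": "pat.smith@example-corp.com"}  # display name -> real address

URGENCY = re.compile(r"\b(urgent|today|asap|immediately|right away)\b", re.I)
WIRE = re.compile(r"\b(wire|transfer|payment)\b", re.I)
# Constructed sample messages (not real mail). The first mimics the travelling-CEO
# wire request; the second is an ordinary internal note from the real address.
SAMPLE_SPOOF = """From: Pat Smith <pat.smith@example-corp.co>
Reply-To: pat.smith.travel@webmail-example.net
To: finance@example-corp.com
Subject: Quick favour - urgent wire

I'm travelling and can't talk. Please wire $48,000 today to the account below.
"""
SAMPLE_LEGIT = """From: Pat Smith <pat.smith@example-corp.com>
To: finance@example-corp.com
Subject: Q3 budget review

Can we meet Thursday to go over the numbers?
"""


def bec_indicators(raw_message):
    """Return the list of warning signs found; an empty list means none matched."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    hits = []
    # 1. An executive's display name, but not the address on file for them.
    expected = EXECUTIVES.get(from_name.strip().lower())
    if expected and from_addr.lower() != expected:
        hits.append(f"executive name '{from_name}' on unexpected address {from_addr}")
    # 2. A look-alike domain: contains the company's name but is not its domain.
    if from_domain != COMPANY_DOMAIN and COMPANY_DOMAIN.split(".")[0] in from_domain:
        hits.append(f"look-alike sender domain {from_domain}")
    # 3. Reply-To quietly moves the conversation to a different domain.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != from_domain:
        hits.append(f"Reply-To {reply_addr} is outside the sender's domain")
    # 4. Urgency plus money-movement wording in the subject or body.
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    if URGENCY.search(text) and WIRE.search(text):
        hits.append("urgent wire/payment request")
    return hits
```

Any single indicator is weak on its own; a message that trips several of them is the one to hold for a phone call to the executive before any transfer goes out.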
Emails used to deliver malicious code, or “phishing” emails, typically contain a link. Phishing emails appear to be sent by legitimate companies that the employee has communicated with in the past. The difference is that the emails come unexpectedly and require the employee to click a link. By clicking the infected link, employees unknowingly release malware like ransomware onto their workstation.
Given enough time, the workstation and network drives can be encrypted, holding valuable data hostage. Companies have to then pay a ransom or restore data from a backup device. These types of interruptions cause loss of revenue and productivity.
Traditional network security steps including firewalls, anti-virus software and email spam filters are a good start to protecting your business. However, many businesses falsely believe these methods are enough.
Building a strong security culture among your staff and employee training are likely your best weapons against email fraud. Alert employees who understand the threat, together with security procedures like two-step authentication, are key methods to protect your business. Routine staff training to discuss what to avoid and how employees are to respond to a fraudulent attempt keeps security top of mind.
The old adage “the best defense is a good offense” could be the way to save your company big bucks.
Nancy Haddad is director of sales and marketing for U.S. Computer Connection, a Stamford company providing IT support to businesses and free webinar training for employees to learn better network security. She can be reached at 203-517-4692 or NHaddad@uscomputer.com.