Keeping your business emails safe still requires the human touch, no matter how up-to-date your systems are.
Emails are the lifeblood of every business working today. Despite the fact that the media predicts that email is dying (or dead), we all use email every single day to talk to suppliers, clients, customers and other people in our organisation.
We’ve mentioned before how emails can carry malicious software and viruses. Malware attacks such as the WannaCry or BadRabbit attack we highlighted last year are often spread through email.
But there is another sort of email risk, and that’s often called Business Email Compromise.
In 2016, the FBI declared that cybercriminals had managed to scam $3.1 billion from over 22,000 victims in at least 80 countries over the previous three years.
The projected figures now suggest that those losses exceed 9 billion dollars.
The attackers often targeted businesses. By using various social engineering techniques, compromising legitimate email accounts, or hacking into an enterprise’s network, attackers manage to fraudulently transfer funds to their own accounts.
Fraudsters profile their victims before launching the attack. They become familiar with their normal business practices and then use the payment method commonly associated with the victim.
The problem is that although cybersecurity spending across all sectors is at an all-time high, these types of attacks are actually fairly unsophisticated.
Unlike the numerous types of attacks that use malware, most business email scams rely solely on social engineering. They use trickery, deception, and psychological manipulation, rather than malware. And by doing this they are inflicting substantial damage.
Most cyber security systems are designed to detect emails containing malware and malicious links. What that means is that fraudsters’ emails can often land directly in users’ inboxes. When this happens, the fate of an attempted scam is in the hands of its recipient.
The outcome of this is that even the most technically sophisticated cyber defences aren’t always a match for low-tech threats.
Combating business email scams requires more than just advanced technologies and the latest up-to-date systems. It requires people – everyone from employees right up to business owners – to understand the threat and know how to combat it.
Many of the attacks on business emails are designed to exploit human instincts and emotions. They sometimes mimic suppliers, or even customers. They will sometimes masquerade as legitimate companies, with legitimate requests for information.
We all know that the Nigerian prince who wants to “make use of” our bank account to transfer millions of dollars is purely a scam. But scammers keep trying it, because they keep succeeding.
One incident that came to our attention recently was an order request to an artist for some original paintings. The buyer paid by cheque and purposefully “overpaid”, then requested a BACS transfer back of the excess amount “after 3 working days when the cheque has cleared”.
The reality is that this is a total scam. Cheques may appear as cleared in a bank account, but they take longer than that to officially clear. If the BACS payment is made, the cheque then bounces and the struggling artist suddenly finds themselves down several thousand pounds.
The only way to defeat these kinds of scams is with human nous!
Our intelligence and vigilance naturally play a critical role in defending against business email attacks. If we rely solely on our cyber security software, we are opening our organisations up for attack.
There are certain indicators that emails aren’t quite right. They tend to be less technical and more nuanced, often relating to the scammer’s syntax, dialect, or other behavioural characteristics.
For example, the email address may be different from the one expected, or in cleverer scams, it might be that the phrase an attacker uses to open or sign off the email doesn’t match the usual form.
Automated security systems are not designed to identify these indicators, which is why human intelligence and education in the subject matter are crucial.
The best way to make sure your organisation doesn’t fall foul of a business email attack is to make sure that all your employees are aware of the dangers.
Educating people about email security – what to look out for, how to deal with a suspected attack – is crucial to keeping your business safe.
Raising awareness of the issue can help employees more accurately detect and report malicious emails and other socially engineered attacks.
It’s also important to consider that many people in your organisation may be unaware of how common these threats are, and how they are capable of inflicting significant monetary damages. After all, most of the cybersecurity-related news coverage tends to focus on larger scale attacks from Russia, Korea or other states, and on cyber attacks such as Mirai or WannaCry.
It’s no surprise that unsophisticated scams, though widespread and damaging, are considered less newsworthy outside the business security community.
The best way to defend against them is to have the right systems and procedures in place, and to have the right team to help you implement them. At Wood ITC we offer a full range of security measures as well as a full IT audit to make sure you and your team are safe.
If you’re worried about the effects of low level scams on your business, talk to our expert team today.