Monday, July 19, 2021

The Signs Your Business Email May Be Compromised

While businesses tend to spend a lot of time and money on cybersecurity, they overlook or underestimate the potential for one of the most devastating types of attacks to occur. Business email compromise is increasingly common, and it’s a simple way for hackers to infiltrate a system.

When they do, they have access to all the information they need to cause real destruction to your business.

What Is a Business Email Compromise?

Business email compromise targets organizations anywhere. It’s associated with wire transfer fraud, but more than that as well. For example, real estate scams and W2 scams can also occur.

Learning how to spot a business email compromise should be a top cybersecurity priority.

There are three general categories of BEC scams.

One is CEO impersonation. In this type of BEC scam, the cybercriminals impersonate the CEO or a company executive to try and get an employee to provide information. It could be that the scammer asks for client information or maybe tax information. This type of scam can also include asking for wire transfers.

A complete account takeover is usually the larger goal of a cybercriminal. These types of attacks can be especially devastating.

Another example is a false invoice scheme. This type of BEC will usually target someone in the accounting department. A cybercriminal will change the bank account numbers on an actual invoice but leave everything else the same, so it’s tough to spot the fake invoice.

Red Flags That Your Business Email is Compromised

The following are some of the signs that you’re a victim of a BEC scam or someone is attempting it.

Time Sensitive Requests

If you check your work email and someone is in your inbox demanding that you execute a particular action with urgency, you should investigate.

Attackers tend to want to create that sense of urgency so that you have an emotional response and also so that you don’t feel like you have time to think about what’s actually happening.

It might be disguised as a request for a personal favor or some type of last-minute change.

This type of red flag might also be more likely to occur close to a holiday, the weekend, or when the workday is ending, so again, you’re pressured into thinking you don’t have time to question it.

Messages Coming From Personal Emails

A cybercriminal might try to say that they’re a coworker, partner or executive of your employer, but they’re contacting you via their personal email.

For example, they might email you from a Yahoo or Gmail account and then tell you they have a request and didn’t have time to use their business email to get in touch.

Generic Terms

If you get an email with generic greetings or terms, such as Dear Sir or Dear Madam, you should take the time to look at who’s sending the email and what they’re asking for.

The cybercriminal might not know your real name.

If someone is getting in touch with you for legitimate purposes,they’re typically going to know who they’re contacting.

Invoices May Look Unfamiliar

If you get an invoice that seems off somehow, dig a little deeper. In fact, be careful any time you receive an email with an invoice, no matter how it looks.

Double-check anything before you pay, and confirm even if you were expecting it.

What Can You Do to Avoid a BEC?

There are steps you can take to protect your business and your email.

First, if you’re an employer, you should have security controls on all of your employees’ devices that prevent malware download.

Everyone should be trained on how to watch for red flags of phishing and other email-related scams, and you can set up alerts that will let you know if there are email addresses created that are similar to your own.

Any external email should be flagged as it comes to employees because this will be a reminder to them to scrutinize these carefully.

Employers are combating some of the risks of business email compromise by implementing a two-step payment process, and your employees need to call and verify any invoice before they pay it personally.

The biggest weakness in your business is your employees, but they can also be your biggest strength if they’re well-informed and trained on everything related to cybersecurity, including business email security. They’re ultimately your front-line defense as it pertains to cybersecurity.

The post The Signs Your Business Email May Be Compromised first appeared on Feedster.

No comments:

Post a Comment