Email scams: How to keep your new business safe


Despite ongoing speculation about the decline of email, this long-standing communication method remains a vital tool in the business world, and in the realm of hacking in particular.

One of the most effective tactics in a cybercriminal’s arsenal is sending an email with a seemingly legitimate link that is actually malicious. This deceptive technique has been responsible for some of the biggest hacks in recent times, such as the breach of Twilio in 2022 and the hack of Reddit last year.

Telling a suspicious email from a genuine one is becoming more challenging as hackers refine their tactics, even for those with a keen eye for bad spelling or unusual email addresses.

Consider business email compromise (or BEC), for instance, a form of email-based attack that specifically targets organizations of all sizes with the intention of pilfering funds, vital data, or both. In this particular scam, cybercriminals assume the identity of someone the victim knows well, like a colleague, supervisor, or business associate, in order to deceive them into unintentionally revealing confidential details.

The potential harm this presents to businesses, especially startups, cannot be emphasized enough. The latest data from the FBI reveals that individuals in the U.S. suffered losses of nearly $3 billion in BEC scams last year alone. Furthermore, these attacks show no sign of decreasing in frequency.

Tips for identifying a business email compromise scam

Be vigilant and keep an eye out for any indications of potential problems.

As email-sending tactics evolve, it’s important to stay vigilant for potential red flags that may indicate cybercriminal activity. Some signs to watch out for are emails sent outside of regular business hours, names that are misspelled, a discrepancy between the sender’s email address and the reply-to address, unusual links and attachments, or an unnecessary sense of urgency.
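Several of these signs can be checked mechanically from a message's headers. The following is an added example, not part of the original article: it flags a From/Reply-To domain mismatch, a send time outside business hours, and urgency wording. The sample messages, the keyword list and the 08:00 to 18:00 window are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

URGENCY = ("urgent", "immediately", "asap", "right away")  # assumed keyword list
BUSINESS_HOURS = range(8, 18)  # assumed: 08:00-17:59 in the Date header's own timezone

def domain(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def red_flags(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != domain(msg["From"]):
        flags.append("reply-to-mismatch")
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.weekday() >= 5 or sent.hour not in BUSINESS_HOURS:
            flags.append("outside-business-hours")
    except (TypeError, ValueError):  # Date header missing or unparseable
        flags.append("missing-or-bad-date")
    # Leaf parts only; transfer encodings are not decoded in this sketch.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = ((msg["Subject"] or "") + " " + body).lower()
    if any(word in text for word in URGENCY):
        flags.append("urgency")
    return flags

# Constructed sample messages (reserved example domains, not real traffic).
SUSPICIOUS = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@payments-example.test\n"
    "Date: Sat, 06 Jan 2024 23:14:00 +0000\n"
    "Subject: Wire transfer needed\n\n"
    "Please send the payment immediately and keep this confidential.\n"
)
BENIGN = (
    "From: facilities@example.com\n"
    "Date: Tue, 09 Jan 2024 10:30:00 +0000\n"
    "Subject: Lunch menu\n\n"
    "The menu for next week is attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, red_flags(raw))
```

A flag here is a prompt to verify the request with the sender, not proof of fraud; legitimate mail also arrives late at night or uses a separate reply address.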

Reach out to the sender directly

With the rise of spear phishing, it has become increasingly difficult to differentiate between legitimate messages and personalized phishing emails. These deceptive emails often mimic those of high-level executives or external vendors, making it challenging to determine their authenticity. When encountering an email that appears out of the ordinary, it is always wise to reach out to the sender directly for verification. Instead of responding through the email or phone number provided, take the initiative to confirm the request.

Consult with your IT department

There has been a noticeable rise in the prevalence of tech support scams. In 2022, Okta customers fell victim to a meticulously orchestrated scam where attackers cunningly sent employees text messages containing links to deceptive phishing sites that mimicked the appearance and interface of their employers’ Okta login pages. These login pages were so convincing that over 10,000 individuals unknowingly shared their work credentials. If you happen to receive a sudden text message or an unexpected pop-up notification on your device, it’s crucial to verify its legitimacy, as your IT department typically wouldn’t reach out to you through SMS.

Exercise caution when receiving phone calls

Email has been a favored tool of cybercriminals for quite some time. In recent times, criminals have increasingly turned to deceptive phone calls as a means to infiltrate organizations. According to reports, a cleverly executed phone call was all it took for hackers to breach the security of hotel chain MGM Resorts. By skillfully deceiving the company’s service desk, the hackers managed to gain access to an employee’s account. It is important to maintain a cautious approach when receiving unexpected calls, even if they appear to be from a trustworthy source. Avoid disclosing any sensitive information over the phone.

Implement multi-factor authentication for all your accounts!

While multi-factor authentication is a valuable security measure, it is important to note that it is not infallible: there is still a chance for vulnerabilities even with the additional layer of security that a code, PIN, or fingerprint provides. Even so, that additional layer makes it significantly more challenging for cybercriminals to gain unauthorized access to your email accounts than an easily hackable password alone. Enhance your security measures further by implementing passwordless technology, such as hardware security keys and passkeys, which can prevent information-stealing malware from compromising users’ passwords and session tokens.

Enforce more rigorous payment procedures

When it comes to cyberattacks, the primary objective of criminals is to generate profit. The effectiveness of BEC scams largely depends on their ability to manipulate a single employee into initiating a wire transfer. There are certain individuals who, driven by financial gain, adopt the guise of a vendor and attempt to deceive the company into making payment for services that were never actually rendered. To minimize the chances of becoming a target of this kind of email scam, implement rigorous payment procedures: Create a comprehensive payment approval protocol, ensuring that employees verify money transfers using an additional communication method. Additionally, instruct your financial team to meticulously review any alterations to bank account details.

Feel free to disregard it

In order to effectively protect yourself from most BEC scams, it is advisable to disregard the attempt and proceed without giving it any further attention. Are you certain that your boss is requesting that you purchase $500 worth of gift cards? Disregard it! Receiving an unexpected phone call? Please end the call. However, it is important to speak up for the benefit of your security team and to assist your colleagues. Silence is not the best approach. Notify your workplace or IT department about the incident so they can be more vigilant.
