It’s true – email scams have proliferated in recent years, driven largely by the growing cryptocurrency market. And yet, although these scams are detrimental to your company, there are strategies your business can employ to keep users safe online.
How to Protect Your Business from Compromising Scam Emails:
#1: The “CEO Fraud” Scam
Cybercriminals will often masquerade as high-level executives or other legal representatives. This strategy targets employees in charge of finances, most often accountants, Directors of Accounting, and CFOs.
Posing as the C-level executive, the cybercriminal will reach out to the financial employee to request a wire transfer, sending the funds directly into an account controlled by the cybercriminal. Common reasons given for the transfer include the C-level employee being stuck somewhere with legal issues or having an urgent bill that needs to be paid. These scenarios create a sense of urgency, taking advantage of the natural human response and making the scam easier to execute.
#2: The “Bogus Invoice” Scam
A bogus invoice will usually involve a business that has an established relationship with a particular supplier or client. Cybercriminals will compromise an employee's email address to gain access to the business account. This account is then used to send false notifications to customers asking for an invoice payment, and the money transfer is sent into a fake account benefiting the criminal.
#3: The “Compromised Employee Account” Scam
Cybercriminals will often go directly to the employees of an organization, hacking into their email accounts to request payment. This payment is sent directly to a criminal-controlled account. These messages are usually sent to multiple vendors, but not as a mass mailing, so that they avoid being marked as spam. Businesses are usually not aware this scam has occurred until their vendors follow up to check on an invoice payment status.
Scam victims are varied, ranging from small local businesses to large-scale corporations. Unlike general phishing scams, attackers will spend significant time doing their research on the intended victim to ensure that the message sounds believable and legitimate.
#4: The “Spelling Errors and Malicious Attachments” Scam
Misspelled words and incorrect grammar are some of the most common signs of an email scam. Most email software used within an organization has automatic spell check, so a legitimate message is unlikely to contain multiple syntactic and grammatical errors. The more spelling errors an email contains, the more cautious you should be.
The same logic can often apply to attachments. Not only are misspelled attachments a red flag, but most organizations use collaboration tools such as SharePoint or Teams, often eliminating the need for email-based attachments. If you receive a suspicious email, never click on or download the attachments.
#5: The "Too Good to Be True" Scam
These emails are designed to get people to click before thinking everything through. They may entice recipients with awards or limited-time sweepstakes, but are likely just malware conduits.
Even if the sender is a familiar contact, awards without context do not bode well for your account's integrity. If you know the sender, reach out to them to verify what you've received.
How Can You Protect Your Business?
Ensure that the “Reply-To” email address matches the sender's email name and email
Implement multifactor authentication
Educate and train employees on cybersecurity best practices
Partner with a Managed IT Services Provider, like eVantage Technology, that has expertise in security best practices and implementing the tools that make the most sense for your business
Invest in an anti-spam solution
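The “Reply-To” check from the list above can be automated for messages that users report. The following is an added example, not code from the original article: it parses a raw message with Python's standard email module and lists every way the Reply-To header disagrees with the From header. The sample messages, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (example.com and .test are reserved names).
SAMPLE_SUSPICIOUS = (
    'From: "Pat Lee <pat.lee@example.com>" <pat.lee@example-mail.test>\n'
    "Reply-To: pat.lee.ceo@example-pay.test\n"
    "Subject: Urgent wire transfer\n\nPlease send the payment today.\n"
)
SAMPLE_CLEAN = (
    "From: Pat Lee <pat.lee@example.com>\n"
    "Reply-To: pat.lee@example.com\n"
    "Subject: Q3 invoice\n\nAttached as discussed.\n"
)

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def reply_to_findings(raw_message):
    """Return a list of reasons the Reply-To header disagrees with From."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    if not from_addr:
        return ["From header is missing or unparseable"]
    findings = []
    # A display name that shows some other address hides the real sender
    # in mail clients that only render the name.
    if "@" in from_name and from_addr.lower() not in from_name.lower():
        findings.append(f"display name {from_name!r} shows a different "
                        f"address than the real sender {from_addr}")
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if not reply_addr or reply_addr.lower() == from_addr.lower():
            continue
        if domain(reply_addr) != domain(from_addr):
            findings.append(f"Reply-To {reply_addr} is on a different domain "
                            f"than From {from_addr}")
        else:
            # Often legitimate (shared mailboxes), so reported separately.
            findings.append(f"Reply-To {reply_addr} differs from From "
                            f"{from_addr} (same domain)")
    return findings

if __name__ == "__main__":
    for name, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, reply_to_findings(raw))
```

A same-domain difference is common for shared mailboxes, so treat it as a prompt to verify rather than proof of fraud.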