The simplest approach is to cut greedy fat as much as possible. In the past 2 years, Business Email Compromise schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world, according to the latest figures from the FBI. Since January 2015, there has been a 1300% increase in identified exposed losses, amounting to an average loss of $140,000 per scam. The potential damage and effectiveness of these campaigns compelled the FBI to issue a public service announcement detailing how Email Compromise scams work and how much damage they can cause to targeted employees and companies – in both private and public sectors.
The FBI defines Business Email Compromise as a sophisticated email scam that targets businesses working with foreign partners that regularly perform wire transfer payments. Formerly known as the Man-in-the-Email scam, Email Compromise typically starts when business executives’ email accounts are compromised and spoofed, with the fraudster sending emails to an unknowing employee instructing them to wire large sums of money to foreign accounts. While some cases involve the use of malware, Email Compromise schemes are known for relying purely on social engineering techniques, making them very hard to detect. Recent incidents showed how employees were duped by emails masquerading as legitimate messages coming from company executives asking for information.
Businesses are advised to educate employees on how Email Compromise scams and other similar attacks work. These schemes do not require advanced technical skills, use tools and services widely available in the cybercriminal underground, and only need a single compromised account to steal from a business. Some tips on how to stay safe from these online schemes:
Carefully scrutinize all emails. Be wary of irregular emails sent by high-level executives, as they can be used to trick employees into acting with urgency. Review and verify emails requesting funds to determine if the requests are out of the ordinary.
Raise employee awareness. While employees are a company’s biggest asset, they can also be its weakest link when it comes to security. Commit to training employees, review company policies, and develop a good security culture.
Verify any changes in vendor payment location by using a secondary sign-off by company personnel.
Stay updated on customer habits, including the details of, and reasons behind, payments.
Verify requests. Confirm requests for fund transfers. When using phone verification as part of 2-factor authentication, use known, familiar numbers, not the details provided in email requests.
Report any incident immediately to law enforcement and file a complaint with your service provider.
Choose a custom mail server that is SSL-secured and protected by a firewall. We suggest cloud servers of http://www.solutionpoint.in
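As an added illustration of the "scrutinize" and "verify requests" tips (example code written for this page, not taken from the FBI or Trend Micro material), the Python sketch below triages a message by the signals named above: an executive's name on an address outside the company, a request for funds, and urgent wording. The company domain, executive names, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own organisation's data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
FUNDS = re.compile(r"\b(wire|transfer|payment|invoice|bank account)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|confidential)\b", re.I)

def triage(raw):
    """Return (action, reasons): 'hold', 'verify' (phone a known number) or 'deliver'."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    spoofed = name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN
    if spoofed:
        reasons.append("executive name on outside address")
    funds = bool(FUNDS.search(text))
    if funds:
        reasons.append("funds request")
    if URGENCY.search(text):
        reasons.append("urgent tone")
    if spoofed:
        return "hold", reasons
    # A compromised real account passes the domain check, so the funds
    # request itself is what triggers out-of-band verification.
    if funds:
        return "verify", reasons
    return "deliver", reasons

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-mail.test>\nTo: ap@example.com\n"
           "Subject: Urgent wire transfer\n\n"
           "Please wire $48,000 to the new vendor account today.\n")
COMPROMISED = ("From: Jane Doe <jane.doe@example.com>\nTo: ap@example.com\n"
               "Subject: Vendor update\n\n"
               "Please transfer the payment to the account below by Friday.\n")
BENIGN = ("From: Bob Lee <bob@example.com>\nTo: ap@example.com\n"
          "Subject: Lunch\n\nTeam lunch is at noon.\n")

if __name__ == "__main__":
    for sample in (SPOOFED, COMPROMISED, BENIGN):
        print(triage(sample))
```

The second sample shows why header checks alone are not enough: mail from a genuinely compromised executive account looks internal, so any funds request still goes to phone verification on a known number.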
Ref. Trend Micro / SolutionPoint.in