While the prediction of email’s demise has been a recurring theme, its importance, particularly in the realm of cyber malfeasance, remains unquestioned and unabated.
A seemingly legitimate, yet malicious email link continues to be a staple in the cybercriminal’s arsenal, contributing to significant security breaches such as the 2022 intrusion into Twilio’s systems and the previous year’s attack on Reddit.
Identifying malicious emails can be challenging, especially as cyber attackers refine their strategies. These emails, often indistinguishable from genuine communications, take advantage of vulnerabilities within an organization.
Business Email Compromise (BEC) scams, which target entities regardless of their size with the intention of extracting money or sensitive data, involve the impersonation of a trusted figure to deceive the recipient into divulging information unwittingly.
The threat to companies, especially emergent businesses, is significant. The FBI’s recent findings indicate that individuals in the U.S. were defrauded of nearly $3 billion through BEC scams last year, a trend that shows no sign of diminishing.
Identifying a Business Email Compromise Scam
Recognize the Red Flags
Despite cybercriminals’ evolving tactics, several indicators can help discern a fraudulent email. These include communications sent at odd hours, typos, discrepancies in sender and reply-to addresses, peculiar links or attachments, and an unjustified urgency.
Verify Directly with the Sender
With the prevalence of spear phishing, discerning authentic messages from high-level impersonations can be difficult. If an email seems atypical—or even if it doesn’t—corroborating with the purported sender directly, rather than through provided contact details in the email, is advisable.
Consult Your IT Department
The rise of tech support schemes, exemplified by the sophisticated phishing scam targeting Okta customers in 2022, underscores the necessity of skepticism towards unsolicited communications, be it via text or pop-ups, and the importance of verification through official channels.
Exercise Enhanced Caution with Phone Calls
Though email has been a preferred tool for cybercriminals, phone fraud has also seen an increase. Notably, a deceptive phone conversation facilitated last year’s breach of MGM Resorts. It’s crucial to approach unexpected calls with suspicion and withhold private information.
Secure Accounts with Multi-factor Authentication
While not infallible, multi-factor authentication significantly hinders unauthorized access by requiring additional verification methods. Enhancing security with passwordless solutions, such as security keys or passkeys, can further safeguard against data theft.
Tighten Payment Protocols
Cybercriminals often aim to manipulate employees into unauthorized transactions. To counteract this, instituting rigorous payment verification measures, establishing approval protocols, and insisting on secondary confirmation for financial transactions are effective strategies against such scams.
Alternatively, Dismiss Suspicious Attempts
Ignoring dubious BEC scam attempts can also be a viable strategy. Should you suspect a request—from an unexpected purchase order to an unsolicited call—opt to disregard it. However, communication with your IT department about these attempts is essential for preventing future incidents.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
