SilverBlog

Wisdom from our industry experts and our SilverLink magazine.

 

You’ve Got Mail: How to Identify Fraudulent E-mail

How do you typically start your work day? For most, checking e-mail is an early-morning ritual (sometimes before they even get out of bed). We are fortunate to work in a world of rapid, electronic communication. It helps us get the job done faster. While e-mail may provide us with a quick and easy way to communicate, it also provides cybercriminals with a quick and easy way to target unsuspecting victims.

Over the last two years, the Internet Crime Complaint Center (IC3) has seen a 2,370% increase in actual and attempted Business E-Mail Compromise (BEC) losses, affecting businesses in all 50 states. Since October 2013, those losses total well over $5 billion.¹ You might think fraudulent e-mail activity is an IT problem, but really it’s an organization-wide issue. In order to help prevent breaches, it is imperative to educate and train every employee how to identify a fraudulent e-mail.fraudulent e-mail hook

Understand the Threat

In the context of information security, social engineering is the art of manipulating employees into providing confidential information or performing acts that could be harmful to the company. Social engineers (cybercriminals) have an arsenal of strategies to gather information, launch attacks and con victims through various e-mail schemes.

Phishing / Spear Phishing
Phishing is a common computer fraud technique that begins when a cybercriminal sends an e-mail making a claim that is designed to trick the recipient into providing personal information (such as a username and password). Regular phishing attacks use a “shotgun” approach by sending one, generic e-mail to hundreds or thousands of potential victims. Spear phishing, on the other hand, uses a targeted approach aimed at specific individuals or organizations and relies on the use of personal information to make the e-mails appear more convincing and trustworthy.

BEC
BEC is a sophisticated attack that targets businesses of all types, but especially those that perform wire transfers. BEC can take a variety of forms, but most often begins with a fraudulent e-mail to employees with access to company finances. These cyber attacks focus on tricking employees into transferring funds or valuable private information directly to the cybercriminal.
These methods can look sophisticated and convincing. However, there are some telltale signs you can look for to identify potential threats and prevent attacks.

Stay Cautious. Be Proactive.
How many e-mails do you think you opened just today? For some, that number easily exceeds 50. Given the constant and frequent use of e-mail, it can be easy for employees to let down their guard and make mistakes. But one innocent mistake could throw an entire company into a cyber tailspin. While it’s important to regularly update computer networks, firewalls and anti-virus software, that’s just a starting point. In order to effectively manage cyber risk, the entire company needs to get involved. Train everyone – from CEOs to entry-level employees – on how to spot fraudulent e-mails. Practice multi-level authentication and only permit verbal confirmation for financial requests with legitimate business partners at established telephone numbers. Encourage employees to use strong passwords and change them often, and make cyber risk awareness an ongoing discussion. If you suspect your organization is the victim of a BEC scam, act quickly. Report it to your bank immediately and call your closest FBI office. Also, make sure to report the incident to the IC3 at www.ic3.gov. Delayed reporting could make it difficult to stop wire transfers and recover money.

Don’t Get Hooked!

Take a look at the following image.  Can you spot the six suspicious elements? Click on the image to reveal the answers.fraudulent email

For more helpful tips or an assessment of your current cyber risk management plan, contact the Professional Risk Services Team at SilverStone Group.

¹ FBI Chicago Warns Area Business Owners of Business E-Mail Compromise Scam. November 9, 2017. FBI website. Accessed on November 29, 2017 at https://www.fbi.gov/contact-us/field-offices/chicago/news/stories/fbi-chicago-warns-area-business-owners-of-business-e-mail-compromise-scam

This article originally appeared in the 2017 | ISSUE THREE of the SilverLink magazine, under the title “Caution: You’ve Got Mail” To receive a complimentary subscription to the SilverLink magazine, sign up here.

Print This   Share This
 
Comments... Hide