Despite numerous predictions of the impending demise of email, this age-old communication method continues to thrive, especially in the world of cybercrime.
One of the most perilous and successful tactics used by cybercriminals is sending malicious emails whose links are disguised as legitimate ones. This trick has resulted in some of the most significant hacks in recent years, such as the 2022 breach of Twilio and the hack of Reddit last year.
While these fraudulent emails used to be easy to detect due to obvious signs like poor spelling, hackers are now employing more sophisticated techniques, making it harder to differentiate between genuine and fake emails.
Business Email Compromise (BEC) is a prime example of a malicious email attack that targets organizations to steal money and sensitive information. The risks posed by BEC scams are substantial, with individuals in the U.S. losing nearly $3 billion to these scams last year alone.
How to Identify a Business Email Compromise Scam
Watch Out for Warning Signs
Despite the increased sophistication of cybercriminals, there are still common red flags to watch for in emails. These include messages sent outside regular business hours, misspelled names, mismatched sender and reply-to addresses, unusual links or attachments, and an unwarranted sense of urgency.
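A small triage script that checks a raw message for several of the red flags listed above (a reply-to domain that differs from the sender domain, delivery outside business hours, urgency language, and a request to change bank details). This is an added example, not code from the article; the sample message, the business-hours window and the keyword patterns are constructed assumptions.

```python
import re
from email import message_from_string, utils

# Constructed sample message (not from the article) showing several red flags at once.
SAMPLE = """From: "Jane Doe, CFO" <jane.doe@example-corp.com>
Reply-To: jane.doe@example-corp-payments.net
To: accounts@example-corp.com
Date: Sat, 02 Mar 2024 02:17:00 +0000
Subject: URGENT: wire transfer needed before noon

Please process the attached invoice immediately; the bank details have changed.
"""

BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 in the message's own timezone
URGENCY = re.compile(r"\b(urgent|immediately|asap|before noon|right away)\b", re.I)
BANK_CHANGE = re.compile(r"bank (account )?details? (have|has) changed", re.I)


def _domain(addr: str) -> str:
    """Return the lower-cased domain part of an RFC 5322 address field."""
    return utils.parseaddr(addr)[1].rsplit("@", 1)[-1].lower()


def bec_red_flags(raw: str) -> list[str]:
    """Return a list of human-readable red flags found in a raw email message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = _domain(msg.get("From", ""))
    # Mismatched sender and reply-to: replies go somewhere other than the apparent sender.
    reply_dom = _domain(msg["Reply-To"]) if msg.get("Reply-To") else from_dom
    if reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    # Sent outside business hours (weekend or outside the configured window).
    sent = utils.parsedate_to_datetime(msg["Date"]) if msg.get("Date") else None
    if sent is not None and (sent.weekday() >= 5 or sent.hour not in BUSINESS_HOURS):
        flags.append(f"sent outside business hours ({sent.isoformat()})")
    # Urgency and payment-detail changes in subject or (non-multipart) body.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = msg.get("Subject", "") + "\n" + body
    if URGENCY.search(text):
        flags.append("urgency language in subject or body")
    if BANK_CHANGE.search(text):
        flags.append("request to change bank account details")
    return flags
```

Run the checks before acting on any payment request; a non-empty result is a reason to verify with the sender out of band, not proof of fraud.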
Verify with the Sender Directly
Spear-phishing attacks make it challenging to discern the authenticity of an email. To confirm the legitimacy of a message, especially if it seems suspicious, contact the sender directly instead of replying to the email or using the provided contact details.
Consult Your IT Department
Tech support scams, like the sophisticated Okta scam in 2022, are on the rise. Your IT department is unlikely to contact you via text, so be cautious of unexpected messages or notifications and verify their legitimacy.
Exercise Caution with Phone Calls
Fraudulent phone calls are another tactic used by cybercriminals to breach organizations. Stay vigilant against unexpected calls requesting confidential information, even if they appear to be from a trustworthy source.
Implement Multi-Factor Authentication
Multi-factor authentication adds an extra layer of security beyond passwords to safeguard email accounts. Consider using passwordless technology, such as hardware security keys, to prevent theft of login credentials.
Strengthen Payment Processes
Cybercriminals aim to profit from BEC scams by tricking employees into making unauthorized wire transfers. Implement strict payment procedures, require dual verification for transfers, and verify any changes to bank account details to mitigate the risk of falling victim to such scams.
Ignore Suspicious Requests
To minimize the risk of falling for BEC scams, disregard any suspicious requests and report them to your workplace or IT department. Stay vigilant, stay cautious, and help protect your organization from cyber threats.