Email fraud is a growing danger, and cybercriminals are forever finding new, creative methods of hacking and otherwise exploiting email accounts. Providing the perfect hunting ground with a guarantee of funds but lack of big-player security measures, small businesses are now finding themselves the targets of such scams.
A very common trick of cybercriminals is to hack into web-based email accounts and identify conversations about pending financial transactions, then proceed to impersonate and provide different bank details for funds to be deposited to. This means that a supplier or contractor could have unwittingly facilitated your loss, and will be none the wiser. Of course, such incidents can cause damage to working relationships.
Another top technique is to set up a fake email domain very similar to a legitimate one, which people will then converse with, without recognising any issue.
Naturally, such tricks are meant to look genuine, to not raise any eyebrows, and pass completely under the radar. So it is very important to stay vigilant, and to train everybody within your business to recognise signs of a threat.
Consider the following steps with your business’s email and banking arrangements:
- Confirm bank details on the phone or in person, if possible, before transferring funds
- Make sure to use unique and highly encrypted passwords, and don’t share it with anybody or use the same password for more than one device
- Steer clear of free web-based email accounts, which are far more likely to get hacked. Try a secure, business-specific provider such as Microsoft Office 365
- Pressure to respond or make payments quickly should be considered suspicious
- Keep a look out for differences in the written styles of those you converse with
- Also watch out for changes in email domains and be careful when receiving emails from unknown addresses (or they have been cc’d in)
- Ensure suspicious or unknown attachments are never opened
- Always use two-factor authentication for online banking
- Select an email provider that incorporates security features such as virus and malware protection, and spam filtering
- Make sure up-to-date antivirus software is installed on all company computers
Following these steps will considerably increase your company’s safety against cybercrime. If, however, you do fall victim to such a crime, contact your local police force, as well as Action Fraud – the National Fraud and Cybercrime Reporting Centre.