Smarter Security for 2021: Three Steps to Defeating Email Scams
In the current climate of remote working, the presence of a familiar face or name can be particularly reassuring and comforting. Unfortunately, the tendency of an organization's users to let down their guard when receiving messages from apparently known senders only fuels the growing scourge of scam emails.
Cyberattacks conducted via fraudulent emails are favored by crooks—and for good reason. According to the Verizon 2020 Data Breach Investigations Report, “One key takeaway is that the weakest link in many organizations is their staff. Is it likely that the average user (who was targeted based on their access to data) will challenge a request that appears to be coming from someone who has the authority to fire them? Our Magic 8-Ball data indicates that signs point to no.”
For example, imagine a junior accountant in your company gets an email from the CFO, asking them to immediately transmit a wire payment to a vendor for $25,000. She’s never asked that accountant to do this before—but the vendor firm is legit, and the amount seems valid. Would that subordinate staff member comply without question? Or would they give the CFO a quick call to verify this seemingly straightforward transaction, even if it meant interrupting a meeting?
Or consider a more mundane situation, one that doesn’t involve any request to send money. What if the CFO sends a link to your accounting department and suggests everyone check out an article she just read? Would they click on the link? Would they even think twice to make sure the email was real?
Even your company’s most credulous co-worker can recognize the old Nigerian prince swindle, but when the sender appears to be someone they work for—and the request seems plausible—the lines between ruse and reality may quickly blur. If an employee dares to question what the boss says, they could get in trouble. But sending thousands of dollars to an unknown bank account, or inadvertently unleashing malware on the entire company network, is far more disruptive to your organization—and that employee’s career prospects.
Three-Step Strategy to Fighting Fraudulent Emails
All of the above raises two fundamental questions: How can your organization’s users be better prepared to identify these fraudulent emails? More importantly, can you prevent such email scams from ever hitting your inbox or your clients’ inboxes in the first place?
Happily, solving both challenges is simply a matter of employing these three proven techniques:
- Up your email security game. Email is now the number one attack vector for online threats—so if you don’t have an advanced solution in place, you’re not going to be protected. Period. Look for a multi-layered solution that can detect both known and emerging threats, and that will automatically filter out malicious attachments, viruses, phishing scams, and other possible hazards.
- Educate users on what’s real—and what’s not. You might not be able to completely outwit would-be attackers, but by implementing security awareness training (SAT) programs you can give your users in-depth guidance on how to identify suspicious emails and common scam tactics. Another educational tool is the internal phishing campaign: here your IT team intentionally tries to dupe users in order to identify your greatest vulnerabilities, and who needs more help in spotting suspect emails.
- Always, always read emails carefully. If something suspicious does make it to the inbox, it's the job of the user to be discerning. Any request for an immediate transfer of money should raise a red flag, and any link sent in a message body that lacks substantive content should also give pause. Hover the cursor over the sender's name to see whether the message really comes from the expected email address (the display name is trivially forged, so check the actual address behind it), and watch out for trick spellings in the email domain (e.g., what looks like microsoft.com is actually micr0soft.com or microsoftt.com). Ask yourself whether the person supposedly sending the suspect email would really write in that style or make that request, and verify any unusual request through a channel other than the email itself, such as a phone call to a number you already know.
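The sender-domain checks in that last step can be automated rather than left to eyesight alone. The script below is an added example, not code from the original article or from any product it refers to: it takes a raw From: header value, extracts the sender's domain, and compares it against a hypothetical allow-list of trusted domains (constructed here, with microsoft.com borrowed from the article's own example). It flags the two lookalike patterns the article names (homoglyph swaps such as micr0soft.com and near-miss spellings such as microsoftt.com) and two closely related ones it does not: a trusted domain used as a prefix of an attacker's domain, and a trusted-looking address planted in the display name while the real address is elsewhere. The domain list, the homoglyph table and the sample headers are all assumptions.

```python
"""Lookalike sender-domain check (added example, not the article's own code)."""
from email.utils import parseaddr

# Hypothetical allow-list of your organization's and partners' domains
# (constructed for this example; substitute your own).
TRUSTED_DOMAINS = {"microsoft.com", "example.com"}

# Characters attackers substitute for look-alike letters (assumed table).
# Single-character swaps go through str.translate; multi-character ones after.
_SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
_MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(domain: str) -> str:
    """Fold common homoglyph substitutions so micr0soft.com -> microsoft.com."""
    folded = domain.lower().strip().translate(_SINGLE)
    for fake, real in _MULTI:
        folded = folded.replace(fake, real)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one-letter slips such as microsoftt.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str):
    """Return (display_name, address, domain) parsed from a From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, addr, None
    return name, addr, addr.rsplit("@", 1)[1].strip().lower()


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Classify a sender as 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means the address resembles a trusted domain without being one:
    a homoglyph swap, a near-miss spelling, a trusted domain used as a prefix
    (microsoft.com.evil.net), or an address planted in the display name that
    does not match the real sending domain.
    """
    name, addr, domain = sender_domain(from_header)
    if domain is None:
        return "unknown", addr

    # An address in the display name that differs from the real one is a
    # classic trick: mail clients show the name, not the address.
    if "@" in name:
        name_domain = name.rsplit("@", 1)[1].strip().lower()
        if name_domain != domain:
            return "lookalike", domain

    # Exact match or a genuine subdomain of a trusted domain.
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return "trusted", domain

    folded = normalize(domain)
    for t in trusted:
        # Homoglyph swap: differs from a trusted domain only by look-alike characters.
        if folded == t or folded.endswith("." + t):
            return "lookalike", domain
        # Trusted domain used as a prefix or embedded label of another domain.
        if domain.startswith(t + ".") or ("." + t + ".") in domain:
            return "lookalike", domain
        # Near-miss spelling: one or two characters off after folding.
        if levenshtein(folded, t) <= max_distance:
            return "lookalike", domain

    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample headers, not real mail.
    for hdr in ("CFO <cfo@microsoft.com>", "CFO <cfo@micr0soft.com>",
                "CFO <cfo@microsoftt.com>", "CFO <cfo@microsoft.com.evil.net>",
                '"cfo@microsoft.com" <x@evil.net>', "News <news@unrelated.org>"):
        print(f"{hdr!r:45} -> {classify_sender(hdr)}")
```

The edit-distance threshold is a heuristic: a distance of 1 works for domains as long as microsoft.com but will produce false positives for very short trusted domains, so tune `max_distance` (or skip that check) per domain. The script only inspects the header; it complements, rather than replaces, the sender authentication (SPF, DKIM, DMARC) your mail gateway should already be enforcing, since a header can claim any domain at all.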
Attackers rely on your users' reluctance to question a superior and on their natural inclination to trust the people they work with. Show your team and your clients you're smarter by taking this aggressive three-step approach to email security.