3 Definitive Tactics for Stopping Email Scammers
It’s 6 a.m., and an urgent email from the CEO tells you to wire $40,000 to a supplier ASAP. It seems like an odd request, but do you really want to call an executive at home to verify?
Probably not—and the bad guys are counting on the hesitation. They’ve done their homework on LinkedIn or other social media sites, found a list of possible target employees at the company, and they’ve determined the email address is legit. All that’s left is fine-tuning the vendor details, spoofing the sender, and waiting to see if the recipient takes the bait.
Business email scams like these are ridiculously common—in fact, they’re the most common attack vector—precisely because potential thieves understand human behavior. They know that, when it comes to work, most of us would rather do as we’re told than risk getting in trouble with the boss.
But isn’t there a way to defend your company – and your clients – from this type of compromise?
Absolutely. Here are three approaches that can save you time, money, and headaches:
1. Always scrutinize suspicious messages. If a request for a wire transfer or any immediate task involving money is received, take the time to inspect the email carefully. Is the sender really who they claim to be? Attackers often use trick spellings to mimic a domain (substituting a zero for an O, for example, or duplicating a letter). Be sure to hover over the “from” name to uncover the actual sender’s email address, too. And look over the word choice and sentence structure to see if it matches the boss’s typical style.
2. Make sure the staff knows what a scam looks like—and what an exec would never ask them to do. Awareness training software is now widely available to educate employees on how to identify suspect emails and common scam tactics. Have the exec team get involved as well by providing the company with ways to verify a message’s authenticity. And consider an internal phishing campaign to see which users might need additional help in recognizing potentially fraudulent messages.
3. Get an advanced email security solution. You probably have some kind of email protection in place, but these days, basic spam defense or firewalls won’t cut it. Take a layered approach to security by choosing a solution that can detect both known and emerging threats, and that has built-in features for preventing phishing scams, malicious attachments, viruses, and other possible threats from ever reaching an inbox.
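The sender checks from tactic 1 can also be automated. The sketch below is an added example, not code from VIPRE or the original post; it flags trick-spelled domains (digit swaps, duplicated letters) and display names that do not match the executive's known address. The domain `northwind.example`, the executive "Jane Doe", and the sample headers are placeholders constructed for illustration.

```python
from email.utils import parseaddr

# Assumptions for this example: placeholder company domain and executive.
TRUSTED_DOMAINS = {"northwind.example"}
EXEC_ADDRESSES = {"jane doe": "jane.doe@northwind.example"}

# Digit-for-letter swaps often used in trick spellings (zero for O, etc.).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Undo digit swaps, then collapse runs of a repeated character."""
    out = []
    for ch in domain.lower().translate(SWAPS):
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    # A domain that is not ours but normalises to ours is a lookalike.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if skeleton(domain) == skeleton(trusted):
                warnings.append(f"lookalike of {trusted}: {domain}")
    # The "hover over the from name" check: known name, unexpected address.
    expected = EXEC_ADDRESSES.get(name.strip().lower())
    if expected and addr != expected:
        warnings.append(f"display name '{name}' but address is {addr}")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@northwind.example>",
    "Jane Doe <jane.doe@n0rthwind.example>",
    "Jane Doe <jane.doe@northwindd.example>",
    "Jane Doe <ceo.office@mail.example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A message that spoofs the executive's exact address produces no warning here, so this check supplements the verification steps in tactic 2 and the filtering in tactic 3 rather than replacing them.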
Bonus: Show your team and your clients you’re smarter by taking an aggressive stance on email security.
Guest blog courtesy of VIPRE Security.