Protecting Your Business: How to Spot and Defend Against Business Email Compromise Scams

The “death of email” has been predicted for years, but it continues to thrive, especially in the world of hacking. Cybercriminals have found that sending malicious emails with seemingly legitimate links is a highly effective tactic. This method has been responsible for some major hacks, such as the breach of Twilio in 2022 and the hack of Reddit last year.

Identifying these malicious emails is becoming increasingly difficult as hackers become more sophisticated. One type of attack that is particularly concerning for businesses is business email compromise (BEC). In a BEC scam, hackers impersonate someone familiar to the victim, like a coworker or boss, to trick them into revealing sensitive information or to steal money.

Startups are especially vulnerable to these attacks, and the FBI reports that individuals in the US lost nearly $3 billion to BEC scams in 2021 alone. These attacks show no signs of slowing down.

There are some warning signs to look out for when trying to spot a BEC scam. These include emails sent outside of typical business hours, misspelled names, mismatched email addresses, unusual links or attachments, and an unwarranted sense of urgency. If an email seems suspicious, it’s important to contact the sender directly to confirm the request.
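Several of these warning signs can be checked automatically before a person ever reads the message. The following is an added example, not part of the original article: it flags lookalike sender domains, mismatched Reply-To addresses, off-hours send times, and urgency wording. The organization domain, business hours, similarity threshold, keyword list, and function names are all assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

ORG_DOMAIN = "corp.example"    # assumption: your organization's mail domain
BUSINESS_HOURS = range(8, 18)  # assumption: 08:00-17:59 in the sender's stated timezone
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|confidential)\b", re.I)

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_warning_signs(raw):
    msg = message_from_string(raw)
    signs = []
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    # Misspelled name: sender domain is close to, but not exactly, ours.
    similarity = SequenceMatcher(None, from_dom, ORG_DOMAIN).ratio()
    if from_dom != ORG_DOMAIN and similarity >= 0.85:
        signs.append("lookalike_domain")
    # Mismatched addresses: replies would go to a different domain.
    if reply_dom and reply_dom != from_dom:
        signs.append("reply_to_mismatch")
    # Sent outside typical business hours or on a weekend.
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.hour not in BUSINESS_HOURS or sent.weekday() >= 5:
            signs.append("outside_business_hours")
    except (TypeError, ValueError):
        signs.append("missing_or_bad_date")
    # Unwarranted urgency in the subject or a single-part text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signs.append("urgency")
    return signs

# Constructed sample message (not real mail).
SUSPICIOUS = """\
From: "Dana Reyes (CEO)" <dana.reyes@c0rp.example>
Reply-To: dana.reyes@mail.test
Date: Sat, 02 Mar 2024 23:41:00 +0000
Subject: Urgent wire transfer

Please process this payment immediately and keep it confidential.
"""

if __name__ == "__main__":
    print(bec_warning_signs(SUSPICIOUS))
```

A flagged message is a prompt to confirm the request with the sender directly, not proof of fraud; legitimate mail can trip any single check.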

Tech support scams are also on the rise, so it’s crucial to check with your IT department if you receive any unexpected messages or pop-up notifications. Phone calls are another method hackers use to gain access to organizations, so it’s essential to be skeptical of unexpected calls and never share confidential information over the phone.

Implementing multi-factor authentication adds an extra layer of security to your email accounts. By requiring a code, PIN, or fingerprint in addition to a username and password, it becomes more difficult for cybercriminals to access your accounts. Passwordless technology, like hardware security keys and passkeys, can further enhance security.

To combat BEC scams that aim to trick employees into making wire transfers, stricter payment processes should be implemented. This includes developing a protocol for payment approvals, requiring confirmation through a second communication medium, and double-checking every bank account detail that changes.

In some cases, the best course of action is to simply ignore the attempt and move on. If something seems suspicious, it’s better to be safe than sorry. However, it’s important to report the attempt to your workplace or IT department so they can be on high alert.

In conclusion, email continues to be a favored method for cybercriminals to carry out attacks. It’s crucial for individuals and businesses to be vigilant and take steps to protect themselves from these threats. By being aware of the warning signs, contacting senders directly, involving IT support, being cautious of phone calls, enabling multi-factor authentication, and adopting stricter payment processes, the risk of falling victim to these scams can be greatly reduced.
