How common are email scams?
More than 80 percent of U.S. companies report that their systems have been successfully hacked in an attempt to steal, change, or make public important data. These attacks have been especially successful at smaller businesses or firms with fewer than 1,000 employees.
The consequences of becoming a victim of cybercriminals can be devastating to any business. They could cost your company untold amounts of money, have a damaging effect on your productivity, cause data loss, and tarnish your reputation.
Cost of Doing Business with Cybercriminals
In 2020, cyberattacks via email cost small businesses more than $2.8 billion in damages, according to the U.S. Small Business Administration (SBA).
In 2015, the FBI and the Internet Crime Complaint Center released a public service announcement about the proliferation of Business Email Compromise (BEC). Portrayed by the FBI as a "sophisticated global scam targeting small to large businesses," BECs affected in excess of 2,000 victims worldwide in 2014 and caused more than $200 million in fraudulent losses. The FBI anticipates that the number of victims and the total dollar loss will continue to rise.
It is clear that more and more businesses are falling prey to cybercriminals when it comes to email scams, and the costs of this is staggering.
How Cybercriminals Secure Sensitive Information
Cybercriminals are leveraging phishing emails to hack into a company's sensitive data in record numbers.
Cybercriminals send phishing emails to unsuspecting businesses in an attempt to gain entry into sensitive information. Phishing is an attack that attempts to steal your company's money, or your identity, by convincing you to divulge personal information – such as bank information, credit card numbers, or passwords -- on websites that pretend to be legitimate.
Employee phishing scams are increasing in numbers, and they're also becoming more sophisticated.
Here are three examples of phishing emails:
- Walmart Stores —"Re: CONFIRMED: Steve you are selected"
- Lowe's Winner —"Congratulations Steve! You Are The Lucky Online Winner Of A Brand-New Sweepstakes DeWalt Power Station Entry"
- Kohl's Winner —"Notifications – Re: 2nd attempt for Steve"
These three emails are examples of email scams that are sent to scores of email addresses with the objective of prompting unsuspecting "winners" to relinquish personal and sensitive information. These cybercriminals may request an individual's Social Security number to "verify" their identity prior to sending them an fictitious award they won. They might also obtain banking information so they can send someone a monetary prize.
More Examples of Phishing Emails
- Email account upgrade scam
- PayPal scam
- Advance-fee scam
- Fake invoice scam
- Google Docs scam
- Council tax scam
- Message from HR scam
- Dropbox scam
Let's now explore some methods you can implement right away to prevent your business from becoming a victim of a cybercriminal.
Ways to Prevent Email Scams
Thoroughly Verify Addresses, Subject Lines & Body Copies for Discrepancies
You may find that a fraudulent email account might be off by just one letter from a credible email, or even a single word may be spelled incorrectly within the email message. Being able to detect these errors could save your business a lot of money and hardship.
Avoid Opening Any Email or Attachment from a Sender You Do Not Recognize
Recently, the CryptoLocker virus spread mainly through malicious audio files, malicious PDFs, and other various attachments that businesses advertently clicked on. So, if you don't recognize the sender of an email and you're not expecting to receive a file, do not click on it.
Utilize Multi-Factor Authentication
It is best to always use multi-factor authentication to protect your accounts. There are certain accounts that provide extra security by requiring two or more credentials to log into your account.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do acquire your username and password.
Do Not Give Your Password Over the Phone in Response to Unsolicited Internet Requests
No bank or other financial institution will request that you verify your account information online.
Cybercriminals will take advantage of you relinquishing this valuable information – like account numbers – and infiltrate your banking accounts, leaving them depleted and you very frustrated.
Validate Links in Any Unfamiliar Email
If you receive an email from a source that you're not familiar with – and it contains links – hover over or right-click the links and look for a credible URL that matches the one the email originated from. It is a red flag if there are long strings of jumbled numbers or letters.
Just one click on a bad link by you or one of your employees could instantly compromise your business's data.
Conduct Job-Specific Security & Privacy Training
As email scams by cybercriminals are becoming more pervasive every year, companies are advised to undergo job-specific security and privacy training. This should happen at least annually. This training needs to be relevant to an employee's job duties and role within the company.
In order to ensure optimum security for a business, it is helpful to practice responding to a data breach. In this exercise, it is recommended that you gather together a cross-functional group that includes your company's chief privacy officer, the IT security team lead, and internal security experts, according to Michael Bruemmer from Experian.
To give you an idea of how frequently email scams are occurring, consider that the average employee receives a scam email about twice a week, according to Symantec Security Center. What this means is that businesses with only 10 employees would be targeted up to
1,040 times in one year.
Guard Your Social Security & Financial Information
In all circumstances, do not give out your whole Social Security number (SSN) to an entity you're not familiar with. You should also avoid divulging your bank details via email.
Be assured that legitimate sources will carry out all financial transactions through a secure portal. It is probably safe to provide your SSN over the phone if you initiated the call and you trust the entity you're communicating with.
6 Typical Characteristics of Business Email Compromise (BEC)
The FBI has identified six common characteristics of BECs to be aware of.
They are:
- Spoofed emails closely resemble a credible email address;
- Fraudulent requests for money transfers that are well-worded and specific to the business being victimized, including asking for appropriate dollar amounts;
- Fraudulent messages frequently coinciding with business travel dates for executives whose emails were spoofed;
- Besides executives, individuals responsible for financials are most commonly targeted;
- Personal email accounts get hacked more than business addresses;
- Businesses and personnel using open-source email face the biggest threat;
Look to Adept Networks for Providing Your Business with Secure Email Services
Adept Networks goal is to provide you with the best network security protection possible, while also keeping your unique needs and budget in mind.
To see how to stop being a sitting duck and instead take control of your security, simply call Adept Networks at 877-664-4779 or contact us, and we'll walk you through your options.