NEW YORK – May 16, 2022 – (Newswire.com)
Mimecast: There’s nothing worse than feeling scammed, but having your business scammed is particularly hard. Business email compromise is a phishing attack that targets businesses to steal money, sensitive information, or other personal account information. These attacks can be difficult to prevent because criminals can use social data collection techniques, such as spoofing and intimidation, to extort users.
Malicious actors often prepare for corporate email compromise attacks by identifying their targets through basic online searches, obtaining employee contact information, and creating a profile about the organization.
What does a business email compromise scam look like?
In a business email compromise scam, criminals send an email that appears to be from a known source making a legitimate request. They can present themselves in several ways:
- They have spoofed an email address that looks like the one you recognize. For example, if the victim’s email address is [email protected]a scammer can use a variation such as [email protected]. Take note of how the cyberattackers domain name is misspelled.
- You receive an email from your boss or another company executive asking you to quickly process an invoice or suddenly change vital payment information.
- The message is short, very urgent and urges you to bypass standard company procedures.
- The sender says he is traveling and unable to communicate directly – with a signature indicating that the email is from a smartphone.
- The email is from a personal email account rather than an official company account.
According to the Cisco Talos Intelligence Group, the pandemic has provided many opportunities for bad actors to commit corporate email compromise attacks. In one nasty example, an attacker impersonated the CEO of a company by telling an employee that the company was looking to donate gift cards to a local hospice group. However, once the gift cards are acquired, they would be sent directly to the criminals and not to the care group.
Gift cards are a popular form of currency for cyber attackers, as they are a quick and easy way to launder money by selling the cards. In addition, they are difficult to trace.
How to Avoid Business Email Compromise Scams
The easiest way to ensure that you don’t become a victim of work email compromise is to create a strong, unique, unused password across multiple accounts. If you want extra protection, you can choose to use a password manager and generator.
Be sure to update your apps, operating systems, software, and browsers to always run the latest versions. Updates often contain fixes for security vulnerabilities that cyberattackers can better exploit.
If your company doesn’t already use security software, consider using one from a reputable company and install it on all devices for the best protection.
Remember that your email address is linked to a lot of crucial personal information. Thus, implementing additional security measures such as two-factor authentication (2FA) makes it harder for cybercriminals to breach accounts.
Train your employees to identify business email compromise scams
Educating your employees and making sure they know what a business email compromise scam looks like is just as important as trying to avoid them altogether. Your team should also know the next steps.
By understanding how these attacks work and taking the necessary steps to protect your business against them, you can help reduce risk.
press release department
Your CEO Doesn’t Want Gift Cards: Signs You’re Being Scammed