Most of us receive hundreds of emails a day between our work and personal accounts, making it difficult to filter out safe versus unsafe messages. Yet in today’s world, we must stay vigilant when it comes to our emails.
Recently, we’ve seen an uptick in wire transfer scams. Using a combination of email hacking and registering similar domains, hackers disguised as legitimate recipients have almost had tens of thousands of dollars wired to them. This is commonly termed “CEO Fraud,” but it’s important to note that it’s not just the CEO of an organization that can be a target.
So how can your email be hacked?
Most of the time, users aren’t implementing good password practices. We recommend passwords:
- Be changed every 90 days
- Use at least eight characters
- Use at least 3 of the 4 groups: uppercase, lowercase, numbers, and symbols
Following these password guidelines will help keep your account more secure.
Another way emails can get hacked is through phishing attempts. Many times, the hackers will pose as having authority and use threatening or obscene language to engage an emotional need for a response. It’s also important to realize that the hacker could have information that you thought was private. If they’ve hacked into your or a co-worker’s email, they could have received access to this information.
Awareness of the wireless network you are connected to is also important. Depending on how your email is configured and whether it’s encrypted, being connected to an unsecured Wi-Fi network could allow others to view your emails. You might as well just post your emails up on the local Starbucks bulletin board for all to see. As a best practice, connect only to known, secured Wi-Fi networks and configure email encryption to protect your sensitive data.
Another piece of the wire scams and phishing attempts that we’ve seen lately is the use of recently registered domains that look similar to the actual domain but are slightly off. Without a very close look, these false domains are usually mistaken for the actual ones. For instance, two letters could be switched in the domain name, or it could have an “i” instead of an “l”. By doing this, the hackers can request a transfer of funds through an email that looks like it comes from your actual domain but comes from a fake one. This allows the response to go directly to the hacker rather than a legitimate employee. One other best practice we recommend for wire transfers is to always speak to the person requesting the transfer and verify it before transferring the money.
Knowing it’s out there, how can you protect yourself from phishing attempts?
Education. The hackers are going after you and your employees. We offer an educational solution that sends spoofed phishing attempts to your employees to help them learn how to better identify these attempts and when not to click.
It’s important to also know that hackers will look to your website and social media for information about your company, your employees, and who they want to target. It’s essential to have a good company website and social media presence, but it’s also important to be aware of what is being published.
If you get caught up in a wire transfer scam, you can hope your bank recognizes it and reaches out to you before moving the money. Unfortunately, you can’t always rely on that to happen. Using a managed service provider, especially one that offers end-user security awareness training and additional security services, can also help add another level of education and protection for your business.
So remember, when you’re looking at the flood of emails in your inbox: if it looks phishy, it probably is.