We’re always warning you about the latest phishing emails. That’s because cyber criminals have some pretty sophisticated tools these days that help them create extremely sneaky messages.
Most of the phishing emails look like they are legitimate and came from an actual company that you do business with. They will spoof logos from companies like Netflix and Apple to trick you into clicking malicious links that lead to identity theft, malware or some other scam.
But sometimes, cyber criminals send off some pretty simplistic email scams. And you won’t believe how many people are still falling for them in this day and age.
Scammers dusting off some oldies but goodies
The FBI describes Business Email Compromise as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
Basically, a BEC scammer attempts to trick employees into sending money transfers or handing out sensitive information, by impersonating executive email accounts. These attacks are initiated either by social engineering tricks, email spoofing or malware, targeting employees from companies across the U.S.
Now, hackers are posing as employees who have already been compromised to send emails targeting co-workers. The emails appear so legitimate that it’s easy for people to be taken in. BEC scams range from simple fake invoice schemes to elaborate impersonations aimed at siphoning money into the criminals’ bank accounts.
According to a recent report by Barracuda Networks, the scammer doesn’t necessarily have to include malicious links in the emails. Instead, they rely on plain text messages that are surprisingly effective when worded right. One researcher said, “The attack is simply a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information.”
So, how do we protect ourselves from this growing menace?
Be vigilant with email communication
Check email addresses carefully, especially those supposedly coming from executives demanding financial transactions. A missing or additional character on the address could spell the difference between safety and compromise.
Set up two-factor authentication
Use two-factor authentication for fund transfers and corporate email accounts. Use known phone numbers for verification and avoid displaying these phone numbers in email correspondence.
Two-factor authentication means that to log into your account, you need two ways to prove you are who you say you are. This adds an extra layer of security and should be used whenever a site makes it available.
Be careful with social media
Curate your social media feeds and avoid posting vital corporate workflow details. Don’t fall for those “Like and Share” scams that could lead to identity theft.
Be wary of email links and attachments
Phishing attacks are extremely effective for cybercriminals, especially if they’ve already victimized someone in your organization. Make sure to scrutinize link addresses inside emails before clicking and do not open attachments from email accounts that are not trusted.
One thing to watch for with phishing attacks is typos; criminals are typically careless with spelling and grammar. If you receive an email or notification from a reputable company, it should not contain typos.
Use unique passwords
Many people use the same password for multiple websites. This is a bad idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cyber-criminal to get into each account.