Login
iscover
Many scams target finance execs in smaller businesses.
Newsletter
Dodgy email attacks up more than 80%
20 June 2022
•
12 minute read
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
Email attacks on businesses are up 84 per cent and SMEs are more likely to be on the receiving end, according to the latest survey.
The Email Threat Report H1 2022, by security specialist Abnormal, showed companies with 500-1,500 staff get more attacks per mailbox as scammers target specific business roles, usually executives in finance.
The report also identified a growing trend of emails “that encouraged recipients to do something unexpected – pick up their phone and call the scammers”.
They use a variety of scare tactics, such as pending charge, and if the recipient phones the number in the email they are directed to a dodgy website to download a file containing seed malware.
One cyber-security expert said fraudsters were getting smarter to combat the familiarisation of fake email links.
“Today, cybercriminals use highly sophisticated strategies to trick their victims into revealing sensitive information, sending money, or even giving access to their employer’s computer systems,” said Oliver Noble of NordLocker, an encrypted cloud storage service provider.
==
==
“One of the most dangerous cyber threats to a business is social engineering, which occurs when hackers exploit human psychology to gain benefit. Unluckily, human error remains the most common reason for cybersecurity breaches.”
He said irreparable damage could occur when just one well-constructed email was opened and acted upon by a vulnerable employee.
“The overwhelming amount of online communication has been causing many employees to be more distracted and less cautious about which emails they open and which links they click on,” he said.
“Business email compromise attacks usually impersonate a trusted colleague or even the head of a company, a partner, or a well-known service provider to convince a recipient to engage in actions such as revealing confidential data, paying fake invoices, giving away their login credentials on a bogus webpage, or deploying malicious software, such as ransomware, on the victim’s infrastructure.”
Mr Noble suggested five steps businesses should take to combat dangerous emails:
- Train staff to identify signs of malware, especially emails containing attachments or links.
- Use spam filters. Modern systems offer advanced detection of unwanted emails and do a good – although not perfect – job of screening out suspicious messages.
- Implement secure file sharing. Email remains the most common means of file sharing. Sharing sensitive files using an encrypted cloud system can be more secure.
- Ensure employees use strong, unique passwords to connect to your systems. Employ password managers and multifactor authentication.
- Adopt zero-trust network access. This ensures every request for access to digital resources is granted only after a staff member’s identity has been verified.
You are not authorised to post comments.
Comments will undergo moderation before they get published.