You have 0 free articles left this month.
Register for a free account to access unlimited free content.
Powered by MOMENTUM MEDIA
accountants daily logo

Dodgy email attacks up more than 80%

Technology

Many scams target finance execs in smaller businesses.

By Philip King 11 minute read

Email attacks on businesses are up 84 per cent and SMEs are more likely to be on the receiving end, according to the latest survey.

The Email Threat Report H1 2022, by security specialist Abnormal, showed companies with 500-1,500 staff get more attacks per mailbox as scammers target specific business roles, usually executives in finance.

The report also identified a growing trend of emails “that encouraged recipients to do something unexpected – pick up their phone and call the scammers”.

They use a variety of scare tactics, such as pending charge, and if the recipient phones the number in the email they are directed to a dodgy website to download a file containing seed malware.

One cyber-security expert said fraudsters were getting smarter to combat the familiarisation of fake email links.

“Today, cybercriminals use highly sophisticated strategies to trick their victims into revealing sensitive information, sending money, or even giving access to their employer’s computer systems,” said Oliver Noble of NordLocker, an encrypted cloud storage service provider.

==
==

“One of the most dangerous cyber threats to a business is social engineering, which occurs when hackers exploit human psychology to gain benefit. Unluckily, human error remains the most common reason for cybersecurity breaches.”

He said irreparable damage could occur when just one well-constructed email was opened and acted upon by a vulnerable employee.

“The overwhelming amount of online communication has been causing many employees to be more distracted and less cautious about which emails they open and which links they click on,” he said.

“Business email compromise attacks usually impersonate a trusted colleague or even the head of a company, a partner, or a well-known service provider to convince a recipient to engage in actions such as revealing confidential data, paying fake invoices, giving away their login credentials on a bogus webpage, or deploying malicious software, such as ransomware, on the victim’s infrastructure.”

Mr Noble suggested five steps businesses should take to combat dangerous emails:

  • Train staff to identify signs of malware, especially emails containing attachments or links.
  • Use spam filters. Modern systems offer advanced detection of unwanted emails and do a good – although not perfect – job of screening out suspicious messages.
  • Implement secure file sharing. Email remains the most common means of file sharing. Sharing sensitive files using an encrypted cloud system can be more secure.
  • Ensure employees use strong, unique passwords to connect to your systems. Employ password managers and multifactor authentication.
  • Adopt zero-trust network access. This ensures every request for access to digital resources is granted only after a staff member’s identity has been verified.

Philip King

Philip King

AUTHOR

Philip King is editor of Accountants Daily and SMSF Adviser, the leading sources of news, insight, and educational content for professionals in the accounting and SMSF sectors.

Philip joined the titles in March 2022 and brings extensive experience from a variety of roles at The Australian national broadsheet daily, most recently as motoring editor. His background also takes in spells on diverse consumer and trade magazines.

You can email Philip on: This email address is being protected from spambots. You need JavaScript enabled to view it.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.

SUBSCRIBE NOW