Protect Your Company From A Common Email Compromise
Our Risk Management department noted that we’ve recently heard from some of our business customers about an uptick in a very common type of fraud, the business email compromise (BEC): a hacker gains access to an email account and begins to send emails pretending to be the true email owner.
Hackers often attach malicious content to these emails in an attempt to get the victim to click on it and further perpetuate the fraud. Hackers also use BECs to trick victims into believing they are speaking with a known contact and to persuade them into providing sensitive information such as usernames and passwords, account information, and personally identifying information.
Business Email Compromises can occur in many different ways. Some of the most common are:
- Using passwords that are easy to guess
- Clicking on a fake website that mirrors a legitimate website and steals login credentials
- Unknowingly downloading viruses as a result of navigating to a malicious site or clicking on an email attachment or link
Some red flags that your email may have been compromised are:
- Friends and colleagues receiving emails from you that you didn’t send
- Being locked out of your email account though you have not changed your password and were able to log in recently
- Seeing additional rules set up in your email settings
- Seeing items in your sent folder that you did not send
Some red flags that you may have received a suspicious email are:
- Grammar mistakes
- Irrelevant context that doesn’t make sense
- Emails asking for personal information
- Emails containing suspicious attachments
As always, if you are not sure if the email is legitimate, call or contact the sender using another means of communication to verify its authenticity prior to opening it or downloading it.
To help protect yourself and your email account, be cautious of what you download and click on, use strong passwords, keep passwords secret, and have good security features on your computer. If you feel that a compromise has happened, call your email service provider for instructions on regaining access. Your computer should also be thoroughly cleaned by a reputable third party to ensure that no additional viruses are present. Then, after your computer has been cleaned, check to make sure emails are not being forwarded out to unknown addresses and check your email signature to make sure it is free of unknown.
The Federal Trade Commission (FTC) has some additional resources and tips available on their site at https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/business