Business Tech | The Risks of Email Compromise

We’ve talked at length before about email security in the business world, but this issue cannot be understated. According to AIG (one of the insurance companies that cover business losses due to cyber risks), the largest threat for businesses today are email breaches. Compromised emails cause more overall damage than ransomware and even data breaches by hackers. Why are scammers hitting business email accounts so hard? If you understand the possible motives for email compromise, you’re more likely to take the proper precautions on all communication avenues. 

Email Compromise Motives

Most business professionals are well versed in phishing schemes and outright hacking. The motive is to gain access to sensitive data. The email compromises we see work a little differently. Often these scams aren’t about getting data or launching a ransomware attack (though those types of attacks still happen and you should have security protocol in place for those, as well). Often, email compromise is about a one-time theft of money. In some cases, the scammer may come back for payment more than once, if they’re sure that the target isn’t already aware of the scam.

In these attacks, the scammers have inside knowledge about the target. They may have gained access to email accounts, which means that they can read through all sent and received emails to gain a picture of current projects, vendors, and colleagues that the target deals with routinely. The email account that they’ve compromised is also not necessarily the one they target to send fraudulent requests to. That’s what makes this type of scam so hard to identify and guard against. If you’ve followed all best practices and are confident your own account is secure, you might be less wary about the emails you receive from trusted sources — like your boss or vendor.

Be Aware

Take this, for example: a hacker compromises the email account of someone in your company. They’ve read through and figured out which vendors are being used for current projects. They can also do some research online to find all the players in your company. Then they would go about setting up fake email and payment accounts. Once they have all of that in place, they might send you a fraudulent invoice with payment details. Or they might send an email that appears to be from your superior or even the head of the company, instructing you to send payment to a vendor. The payment, of course, would go to the hackers. These scams often look authentic and use proper English. There’s very little to differentiate them from legitimate correspondence. And major companies with excellent security protocols have still fallen prey to these types of attacks. The best approach is to not pay for anything that you didn’t have scheduled, at least not without verifying the request directly.

Integrated Axis | Your Cyber Security Expert in the Southwest

If you’re looking for a company to build your strategy for email security in the Tucson and Phoenix area, contact Integrated Axis today. Our experienced staff can assess your process and deliver the exact IT services you need.