The world is going increasingly digital. Much of business has gone online in the last ten years, and employees often communicate with third parties and clients over email instead of fax or snail mail. That rise in digital communications has given way to greater threats, though, meaning your company is more vulnerable to email-related security issues than ever.
The tough thing about modern fraud is that it’s sophisticated. Gone are the days when the only email-perpetrated frauds were emails from fake foreign princes looking for help. Today’s cybercriminals have grown leaps and bounds cleverer and more technological. Those are the email threats you need to be aware of to protect your company and employees.
Defining Email Threats
Proper training can help your company avoid easy-trap email fraud issues. Make sure all your team members understand and look for the following corporate fraud attempts. Please note that there are many, many others currently employed today, but these are a few of the most common.
Similar account scams — Scammers are so sophisticated today that they can create accounts that look like those with which your company normally does business, save for a couple of small details. They can then email your team to request that money or sensitive information be sent to a different account than usual, for some seemingly legitimate reason or another.
How to avoid the scam: Your spam radar should go off any time such an email reaches your system without a phone call from a company representative. Call your partner company and ask to verify the email in question before sending anything. No legitimate company will ever be put out by such a request, and 99 percent of the time will confirm that their organization did not send the email.
Disaster relief effort scams — Unfortunately, many scammers like to take advantage of people’s goodwill after disasters. Fake charities abound in the aftermath, and they’ll solicit your team for donations to efforts that don’t exist — especially if you’ve donated to causes before. They’ll take that information, create a similar fake charity, and reach out for monetary aid.
How to avoid the scam: Double check a charity’s validity before making any donations. Second guess all solicited requests for monetary aid, for that matter, and do due diligence before contributing to the cause.
Phishing through employment search/poaching scams — Some fraudsters use employees’ interest in better positions to gain access to personal information. This is a form of “phishing,” where average users are tricked into revealing information that can be used to access various digital accounts. These usually include a simple list of questions supplied through email and include a message saying a “company” is interested in offering them a position. The questions will help gauge the person’s fit.
How to avoid the scam: Advise your employees to delete unsolicited emails unless they come from a verified domain name, like that of a company with which you’ve successfully worked before. Even these should be approached with caution, however, as most companies now reach out via LinkedIn or other professional networking platforms. Most legitimate firms do not ask for that much personal information up front, either, and any that do will have several layers of safeguards in place to protect it. In short, link clicking should be done with extreme caution.
A final tip or two: Double check invoices before paying them to ensure account numbers and amounts match your in-house records and verify any changes by calling your partner company. Also, keep records of every transaction. Should fraud make its way into your company, up-to-date and extensive records will be critical in resolving the issues.
Get Help Avoiding Email Threats
If you have questions or concerns about how to keep your company and employees safe from email threats, give a trusted IT provider a call. Its team will audit your operations, identify weaknesses, shore up your defenses, and train your team appropriately to keep email fraudsters at bay.