Email Scams – How Can I Protect My Business?

by Bethany Wright on March 25, 2019

in Policies

How to Spot a Scam Email

How many of you have received emails telling you that “You’ve Won the Lottery!” or “A Nigerian Prince has left his estate of $7.4 million to you! All you need to do is give us your bank account number and we will transfer it to you!”? There isn’t one person that I know who hasn’t received something similar in nature.

Most of us are well aware of what those emails look like and have learned to ignore them. However, we are seeing new and more sophisticated scams than ever these days; with the most recent and common scams using business emails. These types of scams are known as a Business Email Compromise (BEC) and employees are falling for these scams more often than you would imagine.

According to the FBI, from 2013 to 2016, there was a total of 22,292 victims of these BEC’s, with a total exposed dollar loss of $1.5 billion dollars.

The most recent trend in BEC’s right now makes it look like it came from someone higher up in your company such as your company President, CEO, or another higher level executive. The email will seem harmless at first and may say something like “Hey, I need you to run a quick task for me, are you available?” The subject line might say something along the lines of “URGENT” or “Request.” If you respond to the email, you may receive an email back with a request for gift cards.

For example: “I need Apple iTunes gift cards to send out to a supplier, can you make this happen? If so, let me know if you can get it now so I can advise the quantity and amounts to procure.” They will then proceed to inform you that they need say, 15 gift cards at $100 each, and all you need to do is just go ahead and purchase them, and then email the codes from the back of each card to them for confirmation.

The believability of these emails, partnered with the reluctance of many employees to question the executive the email supposedly came from, can cost businesses thousands of dollars, and possibly the loss of a job for the employee who falls for the swindle.

With these sorts of scams becoming more and more sophisticated, what can you do to protect your business and your employees from falling for these cons?

Establish policies and procedures regarding company finances and emails. Then, train employees and develop a confirmation policy. Superior con-people are able to obtain access to an executive’s legitimate email account. This means your employees are your last line of defense against scams like these. While these processes may take time and feel inefficient, the extra time will be worth it when it saves you or your employees from significant financial losses.

Some possible validation processes are:

  • Instead of replying to the sender via the “reply” option, use the “forward” option, and select the email address from the company address book. This will ensure you are sending your response to the correct person, which will effectively stop the scam email chain.
  • Use phone calls, video chat or physical signature verification for items above a specific monetary limit. Speaking with the requester personally will reveal any fraudulent requests and prevent losses.
  • Train your employees on how to recognize and report emails that may be fraudulent. Train them not to respond, click on a link, or open any attachments when an email is questionable or unanticipated. This might create more work for your IT department, but the time spent confirming the emails authenticity will be time well spent.

By educating users and creating and implementing good preventative practices, you can help protect your company attacks like these. Considering all of the money these scammers have already made, they are not likely to stop anytime in the future.

The best thing you can do is be proactive and ensure employees are aware of what threats could look like, and provide them with a multi-step validation process when someone asks for company data, or monetary goods.

Related Posts Plugin for WordPress, Blogger...

Leave a Comment

Previous post:

Next post: