The recent cyber attack on telecoms provider TalkTalk has sparked security fears among businesses of all sizes. In the wake of this high-profile hack, we have seen a big increase in the number of smaller firms asking us for online security advice and help to protect against email scammers.
Email scammers target small businesses too!
While the attack on the TalkTalk website has dominated the headlines, sophisticated new email scams are posing a potentially bigger threat to small businesses. Online fraudsters recently duped two of our clients out of tens of thousands of pounds with one such scam.
They sent an email to the financial controller of one firm that looked like it had come from the managing director, asking the controller to transfer money urgently to an overseas bank account. The criminals had set up a domain name almost identical to the one in the MD’s email address, differing by just one character.
Another client targeted by email scammers received a message purporting to be from a supplier in the Far East, notifying them that their shipment was ready for despatch and asking for payment. Again, the bogus email address was only slightly different from the real one. Criminals sometimes pose as suppliers and email businesses to say that their bank account details have changed.
What makes these latest email scams different is that fraudsters are going to great lengths to research businesses and their senior staff. Worryingly, when one of our clients replied to the email asking for information, they actually received a response.
Simple steps to protect your business from email scammers
To protect your business from such sophisticated ‘whaling’ attacks, just follow these simple steps. Firstly, instruct your staff to confirm any email payment requests verbally with you first, or include a secret word or phrase in your emails to validate any payment requests.
While the email addresses were incorrect in both the cases mentioned, the managing directors’ names appeared correctly as the display names. So also check the ‘To’ email address and don’t rely on just the name displayed when judging the authenticity of emails.
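The check described above can be automated at the mail gateway or in a mailbox rule. The sketch below is an added example, not code from the original article: it looks behind the display name at the actual sender address and flags domains that are one character away from a trusted one. The domain names, staff name and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed values for illustration: the firm's real domains and senior staff names.
TRUSTED_DOMAINS = {"acmewidgets.example", "fareastsupply.example"}
SENIOR_STAFF = {"jane smith"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list[str]:
    """Return warnings for one From header; an empty list means nothing was flagged."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ["no usable sender address"]
    if domain in TRUSTED_DOMAINS:
        return []
    warnings = []
    # Lookalike: exactly one character away from a domain we trust.
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) == 1:
            warnings.append(f"lookalike domain: {domain} vs {trusted}")
    # Display name is a senior member of staff, but the address is external.
    if display.strip().lower() in SENIOR_STAFF:
        warnings.append(f"display name '{display}' used with external address {addr}")
    return warnings


# Constructed sample headers, not taken from a real incident.
SAMPLES = [
    "Jane Smith <jane.smith@acmewidgets.example>",   # genuine
    "Jane Smith <jane.smith@acmewidgels.example>",   # one character changed
    "Jane Smith <jsmith@freemail.example>",          # right name, unrelated domain
    "Accounts <accounts@fareastsupp1y.example>",     # supplier lookalike
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A distance of exactly one matches the single-character change seen in these cases; it will not catch swapped letters or two-character substitutions, so it supplements the verbal confirmation step rather than replacing it.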
For all the concern about cyber security, the criminals behind the latest email scams are targeting human beings rather than testing the effectiveness of your online security. It’s essentially no different to them copying your letterhead and posting the transfer request to you.
But by teaching your staff to be vigilant you can keep one step ahead of the criminals. If you’re unsure about the authenticity of an email you can forward it to email@example.com and we will check it for you.