Remember when we used to do all our business face to face or over the phone? Thanks to the wonderful invention that we know as the internet, those days are long gone. We can now communicate with hundreds of people every day from the comfort of our desks, just by pressing a few buttons.
We now send over 205 billion emails every single day, and that figure is predicted to rise to 246 billion by the end of 2019. That’s a whole lot of messages, but all that productivity comes with a risk. Emails are to hackers what a damp dishcloth is to germs: an open invitation to spread lots of nasty viruses.
You and your team are being targeted by email fraudsters. RIGHT NOW. Organised criminal gangs of hackers are targeting all businesses, especially those your size.
They want to steal data, or lock it so you have to pay to get it back. Scammers are so clever now that they can create impostor emails that look so much like the real thing that they can fool even the most savvy business person into handing over important information without even realising it.
You know the scariest thing? They’re targeting YOU – CEOs, MDs, FDs and other senior staff. In our experience, the CEO or MD is most likely to break the rules. Often, they can be the greatest data security risk in the business.
And here’s another important point. Scammers are business people too. Just like every other business person, today’s hacker is looking for opportunities that deliver maximum profit for minimum investment.
That is why senior staff are targeted: if they can get you to click on a link in a dodgy email and gain access to your computer, they are in an account that typically has access to higher-level systems, which is potentially more profitable for them. Instead of wasting time sending phishing emails to random email addresses, cyber criminals are now doing their research to get to the goodies more quickly. They use social engineering tools to carefully select their next targets, impersonating key staff members or trusted partners to trick their victims into transferring funds online.
Hackers use tried and tested tricks that are highly successful in looking totally genuine and not raising any suspicions, encouraging their victims to act quickly and without a thought for verification. Here are just some of them:
- Creating email addresses using domains that look very similar to the real thing
- Using urgent tones: “This needs to be done ASAP”
- Stating that the CEO is in a meeting and can’t be disturbed
- Using a well-known line such as “sent from my iPhone”, implying the sender is in a meeting or on the road
- Using legitimate-looking account details, obtained from their social engineering tools
In terms of who they target, the most common victims are senior finance officers (because they’re more likely to have instant access to bank accounts and the authority to use them), closely followed by HR.
Small and medium-sized companies are particularly attractive to cyber criminals because they typically have fewer defence mechanisms in place. After all, who would be interested in them?! Well, sadly, hackers would be. Very interested.
Just think about this: if you’ve got 100 employees all sending 100 emails every day, that’s already 10,000 messages full of potentially juicy information that cyber criminals would love to get hold of.
Data breaches have always been damaging, but with the new GDPR regulations just around the corner, the implications of not properly looking after customer data are so major that they could be impossible to recover from.
This is about getting the right mix of technology to protect you. And policies to stop humans from messing up.
At Dragon IS, we have a strategy in place to reduce our risks. Do you? If not, read our “5 Steps to Better Email Security” and make sure you’re not a statistic in email crime.