Don’t be Caught by Phishing
Software was installed on your computer, and now you’re being held for ransom. Customer data has been stolen from your database. Money has been inadvertently transferred to a fake vendor account by one of your employees.
This is phishing. Has any of this happened to you?
Cyber crime is a growing threat to all businesses, and has serious and expensive consequences. And your shop, with expensive inventory and valuable customer data, is a prime target.
Cyber crime often begins with a type of phishing called “business email compromise.” In the U.S. in 2019, financial losses from these incidents rose to $1.7 billion, up 37% from 2018! The trends show these losses are increasing even more this year.
So What is Business Email Compromise?
These are emails that look legitimate but are actually sent either from fake addresses or from hijacked real addresses. Because they seem legitimate, they act as sort of a Trojan horse — getting an employee’s attention and persuading the employee to change payment information or send a wire transfer by mistake. Attachments or links in these emails, once clicked or opened, allow the criminals to deploy malware or ransomware into your system.
And unfortunately, these fraudulent emails are getting more difficult to recognize. They are often personalized and professionally written, and may reference current news events. For example, they may address changes in payment schedules due to disrupted workflows and employees working from home due to Coronavirus.
Business email compromise works because it exploits people’s trust, sending them an email that looks real, with legitimate details and information, and often presenting them with an apparent emergency. In addition, the emails may contain personal information about the targeted individual, such as their work roles and responsibilities. The personal information is gathered from social media, and the criminals use this information to tailor their messages.
These individual cybercriminals also work with organized crime syndicates to share information on accessing corporate email. In fact, criminal use of hijacked or compromised email accounts is also on the rise.
In the past, most attempts at business email compromise were aimed at financial gatekeepers, such as business owners, general managers, CFOs, etc. But the criminals are now expanding their targets to other departments that may have access to money or to third-party vendor payments. For example, the FBI recently reported an increase in payroll diversions, due to criminals requesting changes to employees’ direct deposit accounts from human resources and payroll employees.
Likewise, vendor-related incidents are on the rise, due to criminals impersonating legitimate, trusted vendors, and persuading someone at the company to make a payment for contracted services. In other cases, an email asks that the vendor’s information be changed, diverting payments to the criminal’s bank account or address.
And What About Ransomware?
Ransomware is sometimes the end result of business email compromise, and is a constant threat. Ransomware is malicious software that is automatically downloaded onto your computer when you click on an email link or attachment, locking or corrupting your system until a ransom is paid.
Recently, the deployment of ransomware has skyrocketed. In 2019, more than 200,000 organizations had files hijacked in ransomware incidents, which is a 41% increase over 2018. This ransom can range from thousands to millions of dollars, and averaged $84,000 in the fourth quarter of 2019.
In fact, ransomware has become so lucrative that crime organizations now create prepackaged ransomware “kits” and sell them on the dark web. The victimized businesses pay the ransom because the criminals threaten a data breach or compromised business operations if they are not paid by a certain time.
As the number of connected devices grows, and the techniques cybercriminals use continue to improve and evolve, businesses will have to remain hyper-vigilant and proactive. Please check back in two weeks for our next post, which will cover the best practices you can use to avoid these worst-case scenarios.