Login
iscover
Many scams target finance execs in smaller businesses.
Newsletter
Dodgy email attacks up more than 80%
20 June 2022
•
9 minute read
Email attacks on businesses are up 84 per cent and SMEs are more likely to be on the receiving end, according to the latest survey.
You’re out of free articles for this month
To continue reading the rest of this article, please log in.
Create free account to get unlimited news articles and more!
The Email Threat Report H1 2022, by security specialist Abnormal, showed companies with 500-1,500 staff get more attacks per mailbox as scammers target specific business roles, usually executives in finance.
The report also identified a growing trend of emails “that encouraged recipients to do something unexpected – pick up their phone and call the scammers”.
They use a variety of scare tactics, such as pending charge, and if the recipient phones the number in the email they are directed to a dodgy website to download a file containing seed malware.
One cyber-security expert said fraudsters were getting smarter to combat the familiarisation of fake email links.
“Today, cybercriminals use highly sophisticated strategies to trick their victims into revealing sensitive information, sending money, or even giving access to their employer’s computer systems,” said Oliver Noble of NordLocker, an encrypted cloud storage service provider.
“One of the most dangerous cyber threats to a business is social engineering, which occurs when hackers exploit human psychology to gain benefit. Unluckily, human error remains the most common reason for cybersecurity breaches.”
He said irreparable damage could occur when just one well-constructed email was opened and acted upon by a vulnerable employee.
“The overwhelming amount of online communication has been causing many employees to be more distracted and less cautious about which emails they open and which links they click on,” he said.
“Business email compromise attacks usually impersonate a trusted colleague or even the head of a company, a partner, or a well-known service provider to convince a recipient to engage in actions such as revealing confidential data, paying fake invoices, giving away their login credentials on a bogus webpage, or deploying malicious software, such as ransomware, on the victim’s infrastructure.”
Mr Noble suggested five steps businesses should take to combat dangerous emails:
You need to be a member to post comments. Become a member for free today!
