According to a report from the Australian Competition & Consumer Commission, individuals lost some $22.7 million to dating and romance scams in Australia last year. The report added that more than 25 percent of the time the perpetrators used email to initiate contact with their victims, making it one of the most prevalent methods used by cyber criminals.
And sure, the actions of lonely people looking for love in all the wrong places may not directly impact your business, but it does raise some interesting questions. As we learned from the Ashley Madison hack in the USA, some employees have no qualms when it comes to using company email accounts for purposes other than business. You would like to think that your staff wasn’t using a corporate email account to put the moves on internet-based sheilas or blokes, but you never really know what extracurricular activities they pursue.
That’s the thing with email scams. It would be nice if your employees had the common sense to realise when something in their inbox was too good to be true, but the reality is you have no idea how they will respond when something tempting appears. This isn’t an issue for your company when the cybercriminal is targeting a single person, but email scams have evolved from ones that target individuals to ones that target companies. After all, it is more lucrative to steal information from an entire business or infect its systems with malware than to pick off individuals one by one.
It is important to understand your organisation’s email is, and will likely remain, the easiest way for cyber criminals to penetrate your company. That’s because of the human element involved in email. You never know how an employee will react when something arrives in their inbox. Hackers know this and keep finding new ways to present their scams. All they have to do is send the email, sit back and wait for someone to take action.
The fact is email scams in and of themselves are harmless. An unopened email can’t really hurt your company. They only become effective when someone opens up an infected attachment or offers up information. Essentially they only work when someone at your organisation opens the proverbial front door and lets them in. Of course, many SMBs think they are immune to these types of scams. After all, who would bother targeting little businesses when there are much bigger fish in the sea?
However, cyber criminals couldn’t care less if you have ten employees or ten thousand. As long as their scam works, they’re happy. If they were going to try and target anyone, it would make sense to start with SMBs and not massive multinational corporations because the success rate is much higher in this case. The reason is that SMBs generally have weaker email and spam protection than large corporations, as well as fewer employee training programs when it comes to identifying malicious emails.
Another thing to remember is that email scams don’t need to originate from Australia to target Australian businesses like yours. Email can obviously be sent from anywhere in the world, and hackers can easily profit from stolen data regardless of whether they are in Manly or Mozambique. Stolen data may be bad, but it is ransomware that continues to be one of the most devastating pieces of malware transmitted via email. Once installed on a computer, ransomware will prevent you from accessing files on your network until you pay a ransom using Bitcoin. This payment method is hard to trace and allows cyber criminals to collect their money from almost anywhere.
One of the most recent email scams using ransomware was ‘Locky’, which hid in spoofed emails from the Australian Post Office. The Sydney Morning Herald reports that the email appears as if it is from Australia Post, telling the recipient to print a form attached to the email and bring it into an AusPost store to collect a parcel.
Once the attachment is opened, it embeds itself into the user’s computer, blocking access to files. And if that computer is connected to a network, the ransomware can easily spread, preventing access to most files until the money has been paid to the cyber criminals. Unless you have data backups ready, you’ll be forced to pay the ransom to get your data back.
But that’s not all. Earlier this year, CERT Australia (CERT), the national computer emergency response team, revealed that a new phishing scheme has been targeting businesses in an attempt to get them to willingly give up sensitive employee information. The email appears as if it is from the owner or an executive of the company and is sent to the human resources department asking for staff details. Since the HR department will likely trust the sender, they gladly provide them. Unfortunately, the email address has been spoofed to look like the company’s email, and the sender is actually a hacker who will use the staff details to commit identity theft or tax fraud.
This is simply the tip of the iceberg when it comes to email scams targeting SMBs. There are countless other scams out there and they grow in number and believability each day. Unless your company doesn’t use email, or has robots answering emails who won’t fall victim to social engineering tactics, your company is at risk. It’s impossible to completely protect yourself from these scams, but you can take steps in the right direction to help mitigate their risks.
For starters, make sure you have email and spam protection in place for your email system. Doing this will help minimise the chance of a malicious email reaching your employees. A good program will scan all attachments, looking for malware while also taking other precautions to weed out potentially dangerous emails.
You will also need to take the time to either train your employees on how to identify suspicious emails or bring in someone to do it for you. When it comes to email scams, knowledge is power and the more your staff knows, the better able they will be to avoid scams. Recognising real email addresses from spoofed ones, understanding what information should and should not be given out via email and how to identify potential scams are just a few of the things they should learn.
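As an added illustration (not code from Empower IT or CERT Australia), the sketch below applies header checks that a mail filter or a trained reader could use against the executive-impersonation request described earlier. The domain `corp.example`, the executive name and the sample messages are constructed, and it assumes the receiving mail gateway stamps a trustworthy `Authentication-Results` header.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

ORG = "corp.example"          # assumed company domain (constructed)
EXECS = {"jane citizen"}      # assumed executive display names, lower-cased

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw, org_domain=ORG, executives=EXECS):
    """Return the reasons a message deserves a second look before replying."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    flags = []
    if from_dom != org_domain:
        # A boss's name on an address outside the company domain.
        if name.strip().lower() in executives:
            flags.append("executive-name-from-outside-domain")
        # Domain that is nearly, but not exactly, the company's.
        if SequenceMatcher(None, from_dom, org_domain).ratio() >= 0.8:
            flags.append("lookalike-domain")
    elif "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        # Claims to be internal, but the gateway did not authenticate it.
        flags.append("internal-sender-not-authenticated")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_dom:
        flags.append("reply-to-differs-from-sender")
    return flags

# Constructed sample messages.
LOOKALIKE = (
    'From: "Jane Citizen" <jane.citizen@c0rp.example>\n'
    "Reply-To: jane.citizen@freemail.test\n"
    "To: hr@corp.example\n"
    "Subject: Staff details needed today\n\nPlease send the staff list.\n"
)
FORGED_INTERNAL = (
    "Authentication-Results: mx.corp.example; dmarc=fail header.from=corp.example\n"
    'From: "Jane Citizen" <jane.citizen@corp.example>\n'
    "To: hr@corp.example\nSubject: Staff details\n\nPlease send the staff list.\n"
)
GENUINE = FORGED_INTERNAL.replace("dmarc=fail", "dmarc=pass")

if __name__ == "__main__":
    for label, raw in [("lookalike", LOOKALIKE), ("forged", FORGED_INTERNAL),
                       ("genuine", GENUINE)]:
        print(label, triage(raw))
```

A flagged request for staff details is best confirmed with the supposed sender through a separate channel, such as a phone call, before anything is sent.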
The Director of Empower IT, Salim Sukari, says, “When it comes to email scams, businesses in Australia are at risk. There is no one way to protect your business since the scams are always evolving and the bad guys do seem to always be one step ahead of the good guys. However, by educating your employees on the importance of email safety and implementing strong email protection, you can reduce the likelihood of an email scam troubling your business. Finally, if you think you have fallen victim to an email scam, be sure to contact the authorities as you would do in the event of any other crime.”
The team here at Empower IT takes security very seriously. Get in touch with us if you have any questions about email scams or how to protect your company’s IT.