Scammers are increasingly sophisticated in how they use email to obtain information from you – they can make emails look like they have been sent from within your business, from your customers, from your suppliers and even from you.
Doing business these days has never been easier. We can pay suppliers online, via smartphones and apps. We can check emails on the go using the same technology. And as consumers, we are used to being able to transact 24/7. However, the very technology that enables us, is the same that can completely disable our businesses in one wrong click. The UK’s Office for National Statistics reported an estimated 2.5m cybercrimes took place in England & Wales in 2014, the first time that such crime statistics were officially published. This is seen as the tip of the iceberg with many instances going unreported to the police. Phishing has become more sophisticated and is subject to two way traffic. In some instances, emails can be made to look like they come from you to obtain information from your customers. In other instances, they are inbound and made to look like they are coming from suppliers, and in other instances they are seeking to access your bank accounts and divert funds out of your business. All organisations should make staff aware of what to look out for, what to be suspicious of and when to be cautious. I have heard of a business where an employee transferred £45,000 out of the company account after receiving an email that looked like it came directly from the company’s bank. Homebuyers are also being targeted when sending money to complete house purchase transactions. They receive Hotmail or Gmail emails advising them that the corporate email is down and requesting they send completion monies through a link. And yes, these are scams. Scammers can copy your corporate image and email templates and, as a result, can send emails that are made to look as though they are coming from legitimate sources.
Read more on cyber security and be prepared for threats:
Scam emails will usually include a link to direct you to input details which enable access to your bank account. Or a link may lead you to install a Trojan (spyware) onto your computer, which then sits and ‘watches’ activity on your machine, indicating to the remote scammer when and how is the best time to approach you. If successful, money is usually transferred to an account outside the UK and can’t be traced. Sadly, IT can only ever be one step behind scammers, but businesses can take steps to minimise the chances of being targeted. Simple as it sounds, staff training is key to securing your email, system and data. The following steps can be taken to improve email security:1. Tighten up internal processes – have strict authorisation processes, only allow certain people to have access to the company bank account, and limit the number of people authorised to transfer money. 2. Ensure a daily ‘clean out process’, which can search and remove Trojan software and other spy programmes. 3. Conduct regular penetration tests of your system and include servers and data. These can also include having people ring up and pretend to be the bank but they should also test physical access into your building(s). 4. Train your staff to detect email scams. This can be done in small bite-sized online training modules as well as more formal in-person training sessions. 5. Empower staff to challenge people and ask the right information before imparting information, this is particularly true of scam calls (also known as vishing) into your business. 6. Install a centrally managed IT system and secure it to ensure better control of technology systems. 7. Move to ‘thin client’ technology so that staff do not need to physically carry programmes and information on their pcs, laptops and smart devices. Andrew Taylor is the technical director of Converge Technology Specialists.Image: Shutterstock
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.