Email Scammers Are Targeting B2B Firms In Today’s Work-From-Home Era
The pandemic has sparked a digital shift of positive changes likely remain in place after the pandemic subsides, but it’s also spawned at least one unwanted thing: a range of new email attacks and scams.
Leigh Reichel, new chief financial officer of cybersecurity firm INKY Technology Corp., told PYMNTS that the FBI has found email fraud already costs businesses and individuals $3.5 billion a year — and that seems to be growing.
“We have seen phishing attacks surge since the pandemic started,” Reichel said. “Phishing scams continue to proliferate in the number of attacks and dollar value of losses.”
He said the rising volume of business emails between work-at-home staffers make a perfect target. As much as technology has enabled remote workforces, it has also diminished individual relationships and reduced critical screenings, since employees are more likely to verify an email request when they have a personal relationship with the sender.
Top Four Current Scams
Although the types of schemes and scams are always changing as bad actors adapt to sneak past unsuspecting victims, Reichel said the work-from-home era has brought four particular email theft scenarios to the fore.
“The quality of the branded phishing emails are what sets the latest coronavirus email attacks apart,” Reichel said. “They are believable, up to date and responsive to something people are worried about.”
With the help of kits that can be purchased on the dark web, new and unsophisticated scammers can now send highly authentic-looking branded emails that purport to be from an official health agency but actually link to a replica website that steals your information.
“They are completely automated, and the rapidity of their appearance is striking,” Reichel said.
Ransomware And Malware
Malware masquerading as an attachment in an official email from the government or a company executive is another favorite scam right now.
These emails often suggest that important information about COVID-19 or one’s job is attached. Following an upsurge in such attacks, the U.S. Department of the Treasury’s Office of Terrorism and Financial Intelligence last week issued a pair of ransomware alerts.
“Cybercriminals have deployed ransomware attacks against our schools, hospitals and businesses of all sizes,” the statement warned, while pledging continued vigilance to counter malicious cyberactors.
So-called “spear phishing” scams work particularly well in an environment where so many organizations are changing procedures and so many employees are working remotely, Reichel said.
Spoof emails that impersonate healthcare companies looking to ensure that your coverage remains intact during the pandemic is one new way criminals are looking to gain unauthorized access to your personal data.
And “IT departments” asking for passwords to help improve security while everyone works remotely is another, Reichel said.
Business Email Compromise
The pandemic has caused many companies to amend their operations and procedures, and scammers have been right there trying to exploit the changes.
Reichel said that since so much B2B interaction is now online, that’s opened the door for criminals to intercept emails and then impersonate legitimate executives and vendors. They then dupe back offices with requests to transfer funds to a new account.
What B2B Firms Can Do
Reichel said the most vulnerable companies are the ones that don’t have basic cybersecurity programs that focus on both employee training and an action plan for executives in the event of an attack.
He said anti-phishing software is the best defense in the fight against imposter emails, noting that the use of brand-forgery detection and computer-vision software to detect company logos and other anomalies is the most efficient security solution to prevent CEO fraud.
From INKY’s standpoint, Reichel said the uptick in email scams means “our near-term roadmap focuses on serving the increasing demand from enterprise customers, expanding go-to-market efforts globally, and investing in innovative ways to protect companies of all sizes from email-borne threats of all kinds.”