Technology has transformed business efficiency and customer experience, but it’s also transformed organised crime.
Cyber-attacks and scams are becoming more and more advanced, and fraudsters are making fake emails highly believable.
Cyber criminals are early adopters of new technology and they’ll use it to take advantage of you.
Phishing is the typical starting point for malware or business email compromise. It casts a wide net, hoping to catch a few victims via generic emails from a ‘trusted provider’. Phishing emails typically begin ‘Dear Customer’.
The next level, ‘Spear Phishing’, is more targeted. They already know your name and other details and will use that to gain trust.
‘Whaling’ takes this to the next level, where the fraudster will impersonate the business owner or a senior director requesting urgent action, for example an invoice payment via email.
The dark web is a nefarious place, where there is a market for client data and identity documents. These can be used to take out fraudulent loans, or for future attacks. The next-generation of whaling may even use AI-powered voice impersonation to make phone calls requesting payments, a very convincing form of ‘vishing’ or voice solicitation.
Make sure your people don’t take the bait
Phishing emails, texts or phone calls typically seek to extract personal information such as passwords, credit card numbers or bank account details. Scamwatch received over 25,000 reports of phishing scams in 2019.
Fraudsters are past the days of sending a dodgy email at 2am riddled with typos. The fraudster may access details about the staff who transact on behalf of the business from your website’s ‘about us’ page and target those individuals directly.
Think it won’t happen to you? Globally, almost 22% of employees click on a phishing email, putting not only their own identity at risk, but also business data and systems. 15% of people successfully phished are targeted at least once more within the year. It’s important that your staff can identify a phishing email and more importantly won’t click on the links or attachments.
Once they have access to your systems, fraudsters can review your emails for information about who you bank with, your clients and suppliers, and typical communications between clients and staff. This makes it even easier to impersonate someone you trust.
How vulnerable is your business?
Every minute, $2.9 million is lost to cybercrime – including $17,000 a minute through phishing emails.
It’s a good idea to speak with your insurance broker to check what you’re covered for, as there is confusion between fraud insurance and cyber insurance.
For a checklist of email compromise and fraud warning signs, read our guide to email compromise.