Don’t be duped by email fraud

By JLT Specialty

FIRMS don’t have to be household names to be targeted by criminals looking to access their email accounts, as a growing number of mid-market businesses are discovering.

From phishing to hackers, many businesses are still under-prepared and under-insured for today’s risks, but companies can improve their protection.

Phishing emails

Phishing, in which criminals use emails to trick recipients into revealing personal information, passwords and account information, is a key part of the risk. Recipients usually receive an email purporting to be from a business they have dealings with and are invited to click on a link or attachment. This may lead to a fake version of the customer website, which will record their log-in details, or expose their computer to viruses.

Using social media

Part of the problem is that scams are becoming increasingly sophisticated and difficult to spot. Many phishing emails in the past gave themselves away through typos, poor English and obviously fake email addresses or website address links.

That’s no longer the case.

Criminals are making use of information legally obtained, using social networking sites to send emails purporting to come from people their targets know and tailoring messages to them more precisely: so called “spear phishing”.

LinkedIn is a prime target for scammers looking to connect with professionals in a variety of industries.

Banking scams

There are countless others that target businesses’ banking facilities – from fraudulent phone calls and emails looking to gain access to accounts (“vishing”) to viruses used to steal log-in details.

Resisting the bait

The threats continually evolve, and criminal methods keep developing. As a result, it’s very difficult to always be one step ahead. That doesn’t mean there is nothing businesses can do, however!

First, as well as reviewing your technological defences and processes to ensure basics such as virus protection and patches are in place, businesses should educate staff to minimize the risk of a phishing email being opened.

Businesses should also examine their insurance protection as they may have various policies and covers in place, but you should not assume you are covered for your cyber security.

Email fraud is a fast-moving and increasingly sophisticated threat to businesses so ensuring your internal processes are up to date, as well as having the right insurance in place is key to protecting yourself, your employees and your clients against the potential risks faced.