Business email compromise can ruin your business

Email is one of the most widely used and essential forms of communication in the modern world.

4IR Simplified

John Tseriwa

Whether it is for personal or professional purposes, email allows us to connect with people across the globe, exchange information and get things done.

According to Statista, email is one of the most popular and widely used forms of communication in the world. The number of email users is expected to increase from about 4 billion in 2021 to about 4.48 billion in 2024. But how secure and reliable is email as a medium of communication? And what are the risks and challenges that email users face in the digital age?

In any organisation, one of the most effective ways to get someone’s attention and prompt them to act is to send them an email from the CEO. After all, the CEO is a person of authority and trust, and any communication from them is usually a top priority.

However, this also makes them a target for cybercriminals, who use their identity to trick unsuspecting employees into giving away sensitive information or money. This type of scam is known as business email compromise (BEC), and it can cause severe damage to your organisation.

BEC is a type of cybercrime where the scammer uses email to trick someone into sending money or divulging confidential company information.

Traditionally, BEC scams impersonate an organisation’s CEO or high-level executive to fool victims into facilitating a significant financial transaction. This is how a BEC attack sometimes happens. The scammers do their homework and find out how to impersonate someone you trust.

They may set up fake websites or even register fake companies with names similar to yours in another country. The scammers then hack into your email account, spoof your email address and observe your email activity.

They identify who is involved in money transactions and what kind of invoices and payment methods you use. The scammers build rapport with you and then ask you for money, gift cards or personal information. The scammers pretend to be one of the parties in an email conversation by using a fake or similar email domain. Slight variations on legitimate addresses like [email protected] vs [email protected] fool victims into thinking counterfeit accounts are authentic.

BEC attacks often exploit human vulnerabilities, rather than relying solely on technical vulnerabilities in computer systems.

The attackers may research their targets, gather information from publicly available sources, or even compromise email accounts to gain insights into ongoing business operations and relationships.

Some common types of BEC scams are:

Data theft

The scammer targets the human resources department and steals company information, such as employee schedules, phone numbers, or personal details. This information can be used to make other BEC scams more convincing.

False invoice scheme

The scammer poses as a legitimate supplier that the victim’s company works with and sends a fake invoice with a different bank account or mailing address. The invoice may look very similar to a real one, with only minor changes.

CEO fraud

The scammer either hacks into or spoofs the email account of the CEO or another senior executive and instructs an employee to make a purchase or transfer money.

Lawyer impersonation

The scammer gains access to an email account of a law firm or a legal representative and sends an invoice or a link to pay online to their clients. The email address is legitimate, but the payment goes to the scammer’s account.

Account compromise

The scammer uses phishing or malware to gain access to an email account of a finance employee, such as an accounts payable manager. The scammer then sends fake invoices to the company’s suppliers or customers and requests payment to a fraudulent bank account.

BEC scams are sophisticated and hard to detect, often using “legitimate” email addresses, domains and logos. They also rely on social engineering techniques, such as urgency, pressure or rapport to manipulate the victim’s emotions and actions.

Therefore, it is essential to be vigilant and cautious when dealing with email requests that involve money or confidential information.

To prevent BEC scams, verify the identity and authenticity of the sender by contacting them through another channel, such as a phone call or a different email address.

Remember not to click on links or attachments in unsolicited emails or texts asking you to update or verify your account information.

It is crucial to use antivirus software and a firewall to scan and block malicious emails and websites.

BEC scams are a severe threat that can affect any organisation regardless of size, industry or location.

Businesses should consider partnering with cybersecurity experts. These experts can provide valuable insights into the latest BEC tactics and help businesses develop and implement effective cybersecurity strategies.

Finally, businesses need to educate their employees, enhance their email security systems, follow strict financial protocols and prepare effective incident response plans.

These measures can help them lower their chances of being scammed by email fraudsters and improve their overall cybersecurity posture.

As cyber threats become more sophisticated and dynamic, businesses must stay alert and proactive in their efforts to secure their digital assets and protect their reputation.

John Tseriwa is a tech entrepreneur and a digital transformation advocate focusing on delivering business solutions powered by 4IR technologies. He can be contacted at: [email protected] or +263773289802.

 
