Even though there are many ways to communicate online, email remains the number one communication tool for most businesses, even in 2020. However, the more emails you receive and open, the greater the chance of something with malware slipping by. Because of this, you need to find the safest email provider for your online business. According to the 2019 Adobe Email Usage Study, 43% of Americans check their work email every few hours. Unfortunately, people often don’t check twice what they click on, which can be devastating when it comes to online businesses. According to Keepnet Labs, many online companies have had to learn this the hard way, as 85% of organizations have been victims of a phishing attack. Still, only 3% of users report a phishing email to the higher-ups.
What Tactics Do Cyber-Criminals Use?
Email security is tricky because scammers, hackers, and other cyber-criminals don’t use just one tactic to breach your email. Most are familiar with the “Nigerian prince scam,” the “Only remaining relative scam,” so they keep their guard up when they see something like that, making these tactics less effective today. This is why email scammers have had to adjust and become much more sophisticated in their attacks, especially against businesses. To achieve this, scammers rarely use regular phishing tactics but are making sure to target their victims better. To better understand, here are a few more sophisticated tactics that cyber attackers use against online businesses:
- Spear-phishing
Regular phishing is simple to execute and costs nothing, but it’s a hit-or-miss tactic that doesn’t take much effort to figure out and avoid. The main problem with regular phishing is that it casts a vast net and is not very targeted. Spear-phishing, on the other hand, is. If we can say that a typical phishing attack is like casting a net and hoping to catch much smaller fish, a spear-phishing attack is like using the phishing pole with the right bait to see the big fish. This type of phishing attack has become so prevalent today that, according to ProofPoint’s 2020 “State of the Phish” survey, 88% of all their survey participants suffered a spear-phishing attack in 2019.
- Business email compromise (BEC) attack
Another type of email attack online businesses can be victims of is the BEC or business email compromise attack. This sophisticated email scam is the perfect example of how scammers use research to target their victims better. In a BEC attack, the attackers will first find a weak point: someone with access to the company funds, then impersonate that person. According to the FBI, BEC comes in 5 types:
- CEO fraud – Where the hacker impersonates the company CEO or other high-level executive and sends emails to employees with access to company funds with requests for urgent (and usually private) money transfers.
- Impersonating an attorney – The scammer impersonates a lawyer to scare their victim with a lawsuit unless the victim sends them money.
- False invoice – Or impersonating a supplier and requesting a money transfer to a fake account.
- Data theft – In this BEC attack, the scammer typically goes after the HR to find info about the CEO or other higher exec and then uses that to scam them.
- Account compromise – Finally, the account compromise attack is a BEC attack in which the scammer hacks an employee’s email and then uses that email to request payments from vendors.
How Online Businesses Can Protect Against Email Scams?
Businesses lose millions of dollars every year due to email scams. If you own an online business, you, too, can be a victim of a phishing or scam attack that could cost your company money. Today, it’s not a question of “if” your company will be attacked but “when.”In Q1 2020, SAAS and Webmail were the primary targets for phishing attacks at 33.5%, followed by financial institutions at 19.4% and the payment sector third at 13.3%. However, no industry or company, no matter how big or small, is immune to cyberattacks. So, how can you protect your online business from an email scam or malicious email? Start by educating yourself and your employees on recognizing an email scam or a phishing email. Most scams work because the victim doesn’t look closely enough at the email they received or opens something without thinking. Always ensure that the email you get is who they say they are, and never allow yourself to be scared into doing something. For instance, if the CEO suddenly emails you to make an urgent wire transfer to their account using the company funds and wants you to “keep it between you two,” this should raise some alarm bells. Double-check this with them over the phone or someone else in person. Unfortunately, as mentioned, only 3% of phishing attacks are reported to higher-ups. It’s essential to note a phishing attack, even if you caught it so that the next person in your position is also ready for it if a similar one is repeated. Of course, sometimes, no matter how careful you are at what you open, mistakes happen, so you can’t rely solely on catching malicious emails that way. You must use the safest email service, HyperKitty: Armored Email. With HyperKitty, your personal and business emails are protected with the strongest encryption at transit and rest. This includes encryption for the body, subjects (on paid plans), and attachments. Furthermore, HyperKitty also provides high-level virus protection, protection against brute-force attacks, multi-factor security, anonymized IP, and much more. If you want the safest email provider to protect your online business, sign up today for a HyperKitty email account.