Tuesday, September 11, 2018

How to Overcome Your E-mail Insecurity - Part 2 of 3

Business E-mail Compromise (BEC)
For the last two years this has been a growing threat to small businesses.  It is a phishing e-mail in which the hacker poses as someone of authority (your boss, the CEO, the CFO, the IRS, etc.) and asks you to send your employees' HR data (e.g., W-2 information), send customer information, send money, or buy gift cards.  The things to look for in identifying a BEC attempt are:
  • Usually sent off hours or right before you are about to leave for the day.
  • Has the appearance of being from someone you know or work with, or from a government agency, but is usually from a Gmail, Yahoo, or some other free e-mail domain and not a business domain.
  • Has a sense of urgency, and asks you to take immediate action.
  • May be written in odd English or European-style English.
  • The message in the e-mail is usually short and to the point, and may be trying to start a conversation to gain your trust.  E-mail #1 might say "Are you in the office?", which will cause you to respond "Yes".  Then E-mail #2 says "Great, I need you to send (money, gift cards, data) urgently."  More likely than not, it will have the word "Kindly", as in "Kindly send...".
  • The e-mail will probably be asking you to do something out of the ordinary. (This is where the red flashing lights should start going off in your head.)
Security Tip: Always pick up the phone, call a number that you already have on file, and verify that the person sending the e-mail is who you think it is and not a hacker.  As for the IRS, they will never e-mail you asking for anything.  They use certified/registered mail for official business.

A good rule of thumb is, if an e-mail seems strange, or is requesting something that is not normal procedure, it's probably a scam.
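
The warning signs listed above can also be checked automatically as a first-pass triage of incoming mail. The Python sketch below is an added example, not part of the original post; the company domain, the known-names list, the keyword patterns, the 8:00 to 16:00 window and the 25-word threshold are all assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
COMPANY_DOMAIN = "example.com"   # assumption: your own business domain
KNOWN_NAMES = {"pat smith"}      # assumption: people staff take requests from
PATTERNS = {                     # assumption: keyword lists, tune for your mail
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|asap|right away)\b", re.I),
    "'Kindly' wording": re.compile(r"\bkindly\b", re.I),
    "money, gift cards or data": re.compile(r"\b(gift cards?|w-?2s?|wire|money)\b", re.I),
}

def bec_indicators(raw):
    """Return which of the post's BEC warning signs a raw message shows."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; transfer encodings are not decoded in this sketch.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + " " + body
    hits = []
    if domain in FREE_MAIL:
        hits.append("free e-mail domain")
    if name.lower() in KNOWN_NAMES and domain != COMPANY_DOMAIN:
        hits.append("known name, outside domain")
    try:
        # Uses the clock time written in the Date header (sender-supplied).
        sent = parsedate_to_datetime(msg["Date"])
        if sent.weekday() >= 5 or not 8 <= sent.hour < 16:
            hits.append("off hours or end of day")
    except (TypeError, ValueError):
        pass  # missing or unparsable Date header: skip the timing check
    hits += [label for label, rx in PATTERNS.items() if rx.search(text)]
    if len(body.split()) <= 25:
        hits.append("short message")
    return hits

# Constructed sample message, not real mail.
SAMPLE_BEC = """\
From: Pat Smith <pat.smith.ceo@gmail.com>
Subject: Quick request
Date: Fri, 07 Sep 2018 16:52:00 -0400

Are you in the office? Kindly send the gift cards urgently.
"""

print(bec_indicators(SAMPLE_BEC))
```

A hit is a reason to make the verification phone call, not proof of fraud; a short message or a late send time on its own is common in legitimate mail.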


Be Secure!

@tjmprofessional

Thursday, September 6, 2018

How to Overcome Your E-mail Insecurity - Part 1 of 3

As a small business owner you probably have a lot of things keeping you up at night.  Your use of E-mail in doing business probably wasn't one of them, until you read this post.

E-mail was not designed to be secure.  It was created to be a simple electronic messaging platform for trusted networked computers back in the late 1960's, and grew in use during the 1990's.  It eventually replaced both the telephone and the fax machine as the primary communication medium for business in the 2000's.  Its security flaw of being "trusted" remains from its original 1960's design, and is what has also made it the preferred attack vector for cyber criminals to defraud both individuals and businesses.  Rather than dwell on what we can't change, let's focus on what we can.

The E-mail Interloper
Over the last year a very popular type of e-mail hacking has been targeting attorneys, loan officers, and realtors (although there have been similar scams with vendor payments and payroll provider settlements).  A hacker compromises one of these parties' e-mail accounts.  Rather than make their presence known, they will just sit back, read through the person's e-mails, and wait for the right situation to arise, usually a real estate transaction.  Once the hacker knows the particulars of the deal, they wait until the time of closing and then send an e-mail from the compromised party's e-mail account telling the buyer or the buyer's agent that the wiring instructions for the settlement have changed and to use the new bank routing and account number to transfer the proceeds of the transaction.  The buyer then sends the wire to the hacker's bank, and by the time all the parties figure out what has occurred, the hacker has moved the money to several other banks and eventually wires the funds to an overseas bank and "poof", hundreds of thousands, potentially millions, are gone.  If that wasn't bad enough, now everyone gets lawyered up to try and figure out who is at fault, and the real mess begins.  Regardless of whether you are the buyer, seller, a real estate agent, or attorney, this can be a business nightmare as both the money and the deal are gone.

Security Tip: If you are in the real estate business, or another business where you frequently send wires to different parties, always pick up the phone, call a number that you already have on file, and verify the wiring instructions with the receiving party before sending the funds.  A simple five-minute phone call will defeat an e-mail takeover scam, and will also demonstrate to your customers and business partners that you take security and doing business with them seriously.  If your clients are the ones sending funds, remind them to do this one simple thing to protect themselves, and your commission.


Be Secure!


@tjmprofessional