Commercial Email Piracy
June 13, 2016
In our ever-evolving technological age it has become more and more important to keep abreast of changes in electronic communication. We are very dependent upon email messaging for online purchases, payments and transfer of funds, but there are, unfortunately, some very clever computer-savvy crooks out there who are constantly devising dishonest ways to deprive your company of its hard-earned cash. The following article elaborates upon some of these crimes and offers some tips about how to outsmart the perpetrators.
Commercial email piracy, or to use a more technical term, Business Email Compromise (BEC), is a growing, serious and sophisticated threat in the workplace. Workers are innocently falling for these scams as they are based on deception, and take advantage of people’s trusting natures. Often they are not discovered until some weeks later when businesses are alerted by legitimate suppliers that payments have not been made.
CERT Australia, for example, quotes several nationwide reports where emails have been sent, supposedly from senior company executives, requesting named financial staff to send immediate transfers to external bank accounts. The emails suggest there has been a compromise of staff email accounts – both personal and business. Careful planning has taken place, encompassing identity fraud, to add ‘legitimacy’ to the requests.
Other examples of BEC involve scammers impersonating well-used suppliers and asking for changes to existing payment arrangements. The hackers have fraudulently obtained knowledge of customer names, bank details and previous invoices. They then ask for payments to be deposited into a new account. Sometimes the ‘customers’ use email addresses that have been subtly changed by adding, removing or altering a character in the email address – something not automatically noticed by busy staff. The fraudsters may even have copies of business logos and links to genuine websites. Often they will ask for immediate wiring of funds to a new location. This should arouse your suspicion. In fact, any unexpected requests for immediate or confidential action should be treated very suspiciously.
Here are some tips to share with your colleagues and help minimize the effectiveness of the scams:
- Ensure your business has clearly defined procedures for verifying and paying accounts and invoices.
- Utilise a verification system that uses more than one person for all but petty amounts, or consider two-step procedures.
- Train your staff so they can be on the lookout for such scams and know how to report them.
- Double-check email addresses for subtle discrepancies. (You can use an intrusion detection system to help here.)
- Do not seek confirmation by email. You may be responding to the fraudulent address or the scammers may be able to intercept the mail.
- Use the telephone for verification but do not use the number on the email message. Use the numbers that you already have for the business or that you have independently sourced – e.g. from a telephone directory.
- Keep all IT systems up to date with approved anti-virus and anti-spyware software and a good firewall.
- Be especially vigilant when requests are made to transfer funds immediately or confidentially. If it is unexpected, it is suspicious!
- Avoid using free web-based email accounts for business purposes.
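The check for subtly changed addresses can be automated. The following is an added example, not part of the original article: it flags a sender whose address is one added, removed or altered character away from a supplier address you already hold. The supplier addresses and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list: addresses taken from your own supplier records,
# never from the incoming message itself.
KNOWN_SUPPLIERS = {
    "accounts@acme-supplies.example",
    "payments@northwind-freight.example",
}


def edit_distance(a, b):
    """Levenshtein distance: the minimum number of single-character
    insertions, deletions or substitutions that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header, known=KNOWN_SUPPLIERS, max_distance=1):
    """Classify a From header as 'trusted', 'lookalike' or 'unknown'.

    'lookalike' means the address is not on the list but is within
    max_distance edits of an address that is; the second element of the
    result is the genuine address it resembles.
    """
    # parseaddr drops the display name, which a sender can set to anything.
    address = parseaddr(from_header)[1].strip().lower()
    if address in known:
        return ("trusted", address)
    for genuine in sorted(known):
        if 0 < edit_distance(address, genuine) <= max_distance:
            return ("lookalike", genuine)
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Acme Accounts <accounts@acme-suplies.example>",
                   "accounts@acme-supplies.example",
                   "billing@other-vendor.example"):
        print(header, "->", check_sender(header))
```

A 'lookalike' result is a reason to verify by telephone using a number you already hold, as described in the tips above; 'unknown' senders still need the normal verification procedure.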
If you are scammed you should immediately report it to the ACCC via the SCAMwatch report a scam page or telephone 1300 795 995. They will advise you of the next step.
Email piracy is a growing worry and its perpetrators are every bit as dishonest as those who burgle your house or pick your pocket! These are intelligent people who are focused on cheating your company and sadly their methods can only get more and more sophisticated. Prevention is important, but you should consider taking out a ‘Cyber Risk’ Insurance policy to compensate you in the event of your company becoming a victim of email piracy. Contact Insurance Brokers Australia and they will be able to give you unbiased advice as to the best and most cost-effective policy to suit the individual needs of your business.
Important disclaimer – Insurance Brokers Australia Pty Ltd – ABN: 58123301806 – AFS License: 309265, its subsidiaries and its associates. The views expressed are those of the author only and do not necessarily reflect those of Insurance Brokers Australia. This magazine provides information rather than financial product or other advice. The content of this magazine, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product. Information is current as at the date articles are written as specified within them but is subject to change. Insurance Brokers Australia make no representation as to the accuracy or completeness of the information. Various third parties, including Know Risk, have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of Insurance Brokers Australia.