Protecting Your Business from Costly Email Scams

Published on May 9, 2024 | Webster Bank

Businesses today are under constant threat from a multitude of sources. From the biggest Fortune 500 companies to the smallest of mom-and-pop stores, no business is 100% safe from a cyber-attack. The simple fact is that too many threats are out there to prevent them all effectively.

According to a 2024 study conducted by payment fraud prevention platform TrustPair, more than 95 percent of U.S. companies were targeted with at least one fraud attempt in the past year, with 9 out of 10 attacks proving successful. Moreover, the repercussions of these attacks can reach far beyond just the event itself, with 66 percent of companies conceding that they would stop doing business with a partner if they fell victim to fraud.

The troubling fact is that consumers aren’t the only target for prospective scammers. Businesses large and small are also frequent targets and can quickly find themselves victims due to additional entry points and vulnerabilities that can be exploited.

From Spoofing to Phishing: Understanding the Email Scammers Toolbox

Cybercriminals try to trick employees into revealing proprietary and confidential data or taking an action that will benefit the criminals—and harm your business. They often use a tactic called email “spoofing”—impersonating a legitimate business or person, including individuals inside one’s own company, by assuming an authentic-looking email address or alias—to fool employees into clicking a link, opening an attachment, trusting an unsolicited call/text, changing account information, or conducting a financial transaction via social engineering – a practice  known as phishing or, when paired with spoofing, “spear phishing.”

Clicking those links or opening those attachments can automatically install malware, which, depending on the type, could give the criminals access to your computer or device, install ransomware (in which malware infiltrates your system and cyber criminals hold your business hostage until a fee is paid), and even allow them to burrow further into your company’s servers or the cloud. These attempts to steal your company’s confidential information can ultimately destroy your reputation.

5 Quick Tips to Protect Yourself from Business Email Scams

While the impact of such a business email compromise can seem overwhelming, there are things you can consider doing to help protect your business, your customers, and your employees from email scams. Here are a few easy-to-remember best practices:

• Avoid clicking on links or attachments from untrusted sources.
• Educate employees to be alert to emails, messaging, and phone calls that may be fraudulent.
• Use verified contact information from the company’s internal contact management system when verifying requests to change information or transfer funds. Always verify any wire instructions received by email or fax via a follow-up phone call.
• Require multiple-person approvals for account and financial change requests.
• Encourage employees to ask questions and challenge suspicious activity before acting on requests.

8 Best Practices to Help Your Business Recover from a Scam or Breach

If you think your business has been exposed (or fallen victim) to an email fraud attempt or other cyber breach, stay calm and follow these steps:

1. Don’t delay. Acting quickly after a business email compromise or malware event can minimize damage to your business.
2. Determine what happened. Identify (if possible) what kind of incident occurred, whether it was successful, and what was lost or damaged.
3. If a fraudulent financial transaction (i.e., a wire) was initiated, immediately file a report with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
4. Contact your bank’s servicing desk or support staff. Report fraudulent transactions.
5. Scan your network. Check for infected files or malicious programs with a strong antivirus program.
6. Update your antivirus, anti-malware, and firewall software. If your antivirus program is outdated, call a cyber-security professional to eradicate any suspect programs and set up better defenses before you go back online. Be sure to apply all software patches and security updates.
7. Change your passwords immediately. If you’ve experienced a spoofing, phishing, or spear phishing incident that has compromised multiple accounts, require your employees to change their passwords to prevent criminal access to critical systems and financial data.
8. Review and improve your cyber policies. Ensure that your employee training, firewalls, antivirus software, and email protection are up to date, and take steps to improve the effectiveness of your business network protection. To protect against future financial fraud, require multiple-person approvals for account and financial change requests. Use verified contact information from the company’s internal contact management system when verifying requests to change information or transfer funds.

Webster Bank is committed to equipping you with information and support to safeguard your business and finances from fraud and scams. To learn more about how you can better protect yourself and the steps our team is taking to protect you, click here.  

SOURCES:

Payment Fraud Attempts on U.S. Businesses Spiked 71% in 2023, According to New Trustpair Research

Fraud in the Cyber Era: 2024 Fraud Trends and Insights