The digital economy has made a lot of things easier, including communication and payments, but these changes have gone hand-in-hand with a heightened risk of fraud from cybercrime. Internet-based fraud can take many forms. As individuals, some of us have no doubt had ‘the phone call’ from our bank questioning our recent shopping spree in South Korea. Fortunately, personal losses are usually reimbursed quickly through the bank’s insurance scheme. Risks to businesses are more profound. Companies run the hazard not only of financial loss but also loss of reputation, which can be catastrophic.
HSBC and other banks have all issued warnings to their customers not to open scam emails masquerading as coming from an official source. Unfortunately, it isn’t only banks who are susceptible to such deception.
Some of our own customers have been the victim of attempted fraud through emails purporting to come from suppliers or clients. These frequently come from a trusted email address and contain subjects such as ‘purchase order’. We were recently caught out ourselves by a so-called phishing email. Thankfully it only ended up costing us £500 but it took six weeks and a multitude of e-mails and calls to get the rest of our money back.
To avoid the risk of clients being defrauded, should our email address be misappropriated, we have introduced the policy never to request money by email unless an official statement from Hone All is attached, or if we are already in conversation about a repayment plan.
How Are Emails Hacked?
Cyber criminals don’t use black magic to hack email accounts: There are several ways your account can be accessed fraudulently.
1) Insecure Passwords
Inadequate or insecure passwords are the cause of countless hacking incidents. A password that can be easily guessed is inherently insecure. These include the word ‘password’ itself, or passwords that include personal information that can easily be looked up. A person’s date of birth, mother’s maiden name, hometown and primary school can all be found through Facebook – depending on the person’s privacy settings. Generic security questions, such as ‘where did you go to university’ offer little or no protection against someone intent on resetting your password.
The near universal practice of using the same password for most, if not all, online accounts is also a recipe for disaster. Once one password is compromised, the rest can easily be guessed or reset.
A lot of email service providers are also less secure than they should be. Within the last 12 months Google, Yahoo and LinkedIn have all suffered loss of private data through email hacking. Some of this information, linking millions of names to email addresses and passwords, can be purchased on stolen databases available through the dark web.
We recommend a policy of regular password changes for work email addresses and the use of a reputable password manager app to keep track of multiple secure passwords.
2) Phishing Messages
Phishing messages include the classic message from your bank asking you to verify your password/pin number by email, but can also be more insidious. A fraudulent message apparently from Facebook could warn you of an attempted unauthorised access to your account: ‘follow this link to confirm your password’. In a heightened state of anxiety, these messages are very easy to fall for.
Most reputable businesses now operate a policy of never requesting money or personal information through email. Be sure to check the source of an email before you respond to any requests. Also, bear in mind that sometimes, the requests look like they’ve come from someone internally and request you to make a payment – again, prior to taking the requested action, check that they have indeed made the request, particularly if they request a same day payment to be made which are impossible to recall.
Bogus incentive messages can also be used to illegally harvest data or directly commit fraud. They often include a URL link through which a piece of malware is installed on the victim’s computer.
We have received several e-mails claiming to be from customers and suppliers with an e-mail address that looks the same and asks for us to open the remittance or purchase order etc. Again, these were found to contain malware and could have had serious consequences for our business and IT systems. Others looked like simple requests for Bank Details to be updated. We have now implemented a policy of calling to verify the request with the company contact personally prior to accepting any change requests.
One way to protect yourself from these types of e-mails, is to click reply and quite often, the reply e-mail address that comes up is different to the one listed in the original message so take a second to make this simple check.
3) Malware
Computer viruses, or malware, can install itself on a PC when someone opens an infected email attachment. Some of these viruses are worms, which automatically send out the same message to every contact in the person’s email address book. Such viruses can spread very quickly around the Internet. Other malware programs include key logging software; recording the keystrokes made on a computer to determine passwords, credit card details and other information.
Keep yourself safe from malware through a strong antivirus subscription and regular scheduled scans.
Keeping Safe Online
We are not IT experts by any means, but we are concerned for the security of our customers, suppliers, employees and website visitors. We take pains to apply cyber security best practices for emails, passwords, social media and web access to keep communications safe and ensure we are a partner our customers can trust. If you are concerned about an email that supposedly comes from us, please don’t hesitate to call us for clarification. Stay safe out there.