The lockdown has changed the South African economy almost overnight. A large number of economies have adopted working from home, and the unemployment numbers are only getting worse.
Unfortunately, this has also become a time for online scammers to target businesses and individuals.
Business Email Compromise (BEC) – What you need to know
Business Email Compromise (BEC) attacks are the most costly form of cybercrime, costing US companies considerably more than crimes like ransomware attacks and data breaches.
In fact, BEC attacks cost companies $1.7 billion, accounting for half of all the cybercrime losses during 2019, according to insurance firm AIG.
BEC attacks have been around for years but continue to grow in sophistication since the early days, which involved hacking and spoofing the accounts of CEOs and CFOs.
Most attacks now rely on social engineering aimed at customers, HR departments, suppliers, related accountants and law firms, and even tax authorities.
Lockdown and BEC attacks
BEC attacks have also evolved from simply trying to transfer funds to gift card fraud, diverting tax returns, and even transferring millions of dollars' worth of hardware and equipment into the control of criminals.
Unfortunately, criminals love to make use of major current events to launch their attacks. COVID-19 is just the latest example of a significant event that has been weaponised by cybercriminals to try and profit.
Check Point Research reported that the first two weeks of May saw a 30% increase in COVID-19-related cyber-attacks. About 192 000 coronavirus-related attacks were seen per week on average.
Protect against BEC attacks
The global shortage of medical equipment has resulted in even government and medical services being scammed while trying to procure scarce goods urgently.
How can organisations protect against BEC attacks?
- Make use of at least one layer of advanced email security from a major internet security company. Niche players and open-source solutions can often cause more harm than good if you aren't careful.
- Use cybersecurity solutions to secure mobile and endpoint browsing. This will help to stop users on the network from visiting phishing websites which could compromise company security.
- Use two-factor authentication to verify any change to account information or banking details.
- Continuously educate your end-users: irreversible transactions should, wherever possible, not happen based only on email correspondence.
- Always verify the full email address on any emails and be wary of hyperlinks that may contain misspellings of the actual domain name.
- Do not supply login credentials or personal information in response to a text or email.
- Follow security best practices.
- Regularly monitor financial accounts.
- Keep all software and systems up to date.
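The advice above to verify the full email address and watch for misspelled domains in hyperlinks can be partly automated. The following is an added example, not part of the original article: it flags sender and link domains that sit within a small edit distance of a domain the organisation trusts. The trusted-domain list, the function names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the organisation really corresponds with (constructed).
TRUSTED = {"example-supplier.co.za", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED, max_dist=2):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match: the genuine domain
    for good in trusted:
        if 0 < edit_distance(domain, good) <= max_dist:
            return good
    return None

def review_message(raw):
    """Return (field, domain, imitated) for the sender and every link."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    candidates = [("From", addr.rpartition("@")[2])]
    for part in msg.walk():
        payload = part.get_payload()
        if part.get_content_type() == "text/plain" and isinstance(payload, str):
            for url in re.findall(r"https?://[^\s<>\"']+", payload):
                candidates.append(("link", urlparse(url).hostname or ""))
    findings = []
    for field, dom in candidates:
        hit = lookalike_of(dom)
        if hit:
            findings.append((field, dom, hit))
    return findings

# Constructed sample: digit "1" for "l" in the sender, "m" for "n" in the link.
SAMPLE = """From: Example Supplier Accounts <accounts@examp1e-supplier.co.za>
Subject: Updated banking details

Please confirm at https://example-bamk.com/verify today.
"""
```

A finding here is a prompt to verify the request through a second channel, in line with the two-factor advice above; it does not replace that verification.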