How to protect your startup from email scams

Date:

Share post:


Despite years of claims that the “death of email” is fast approaching, the decades-old communication method continues to thrive in business. In particular, the business of hacking.

An email containing a link that looks legitimate but is actually malicious remains one of the most dangerous yet successful tricks in a cybercriminal’s handbook and has led to some of the largest hacks in recent years, including the 2022 breach of communications giant Twilio and last year’s hack of social media platform Reddit. 

While these emails are sometimes easy to spot, be it thanks to bad spelling or an unusual email address, it is becoming increasingly difficult to identify a dodgy email from a legitimate one as hackers’ tactics become increasingly sophisticated.  

Take business email compromise (or BEC), for example, a type of email-borne attack that targets organizations large and small with the aim of stealing money, critical information, or both. In this type of scam, hackers impersonate or compromise someone familiar to the victim, such as a co-worker, boss or business partner, to manipulate them into unknowingly disclosing sensitive information.

The risk this poses to businesses, particularly startups, can’t be overstated. Individuals in the U.S. lost close to $3 billion in BEC scams last year alone, according to the latest data from the FBI. And these attacks are showing no signs of slowing down.

How to spot a business email compromise scam

Look for the warning signs

While cybercriminals have become more advanced in their email-sending tactics, there are some simple red flags that you can — and should — look out for. These include an email sent outside of typical business hours, misspelled names, a mismatch between the sender’s email address and the reply-to address, unusual links and attachments, or an unwarranted sense of urgency. 

Contact the sender directly

The use of spear phishing — where hackers use personalized phishing emails to impersonate high-level executives within a company or outside vendors — means it can be near-impossible to tell whether a message has come from a trusted source. If an email seems unusual — or even if it doesn’t — contact the sender directly to confirm the request, rather than replying via any email or any phone number provided in the email.

Check with your IT folks

Tech support scams are becoming increasingly common. In 2022, Okta customers were targeted by a highly sophisticated scam that saw attackers send employees text messages with links to phishing sites that imitated the look and feel of their employers’ Okta login pages. These login pages looked so much like the real deal that more than 10,000 people submitted their work credentials. Chances are, your IT department isn’t going to contact you via SMS, so if you receive a random text message out of the blue or an unexpected pop-up notification on your device, it’s important to check if it’s legitimate.

Be (even more) wary of phone calls

Cybercriminals have long used email as their weapon of choice. More recently, criminals rely on fraudulent phone calls to hack into organizations. A single phone call reportedly led to last year’s hack of hotel chain MGM Resorts, after hackers successfully deceived the company’s service desk into granting them access to an employee’s account. Always be skeptical of unexpected calls, even if they come from a legitimate-looking contact, and never share confidential information over the phone.  

Multi-factor all the things!

Multi-factor authentication — which typically requires a code, PIN, or fingerprint for logging in along with your regulator username and password — is by no means foolproof. However, by adding an extra layer of security beyond hack-prone passwords, it makes it far more difficult for cybercriminals to access your email accounts. Take one security step even further by rolling out passwordless technology, like hardware security keys and passkeys, which can prevent password and session token theft from info-stealing malware.

Implement stricter payment processes

With any type of cyberattack, a criminal’s ultimate goal is to make money, and the success of BEC scams often hinges on manipulating a single employee into sending a wire transfer. Some financially motivated hackers pretend to be a vendor requesting payment for services performed for the company. To lessen the risk of falling victim to this type of email scam, roll out strict payment processes: Develop a protocol for payment approvals, require that employees confirm money transfers through a second communication medium, and tell your financial team to double-check every bank account detail that changes. 

You can also ignore it

Ultimately, you can minimize the risk of falling for most BEC scams by simply ignoring the attempt and moving on. Not 100% sure that your boss actually wants you to go out and buy $500 worth of gift cards? Ignore it! Getting a call you weren’t expecting? Hang up the phone! But for the sake of your security team and helping your co-workers, don’t stay quiet. Report the attempt to your workplace or IT department so that they can be on higher alert.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

OpenAI’s GPT-5 reportedly falling short of expectations

OpenAI’s efforts to develop its next major model, GPT-5, are running behind schedule, with results that don’t...

OpenAI announces new o3 model — but you can’t use it yet

Welcome back to Week in Review. This week, we’re looking at OpenAI’s last — and biggest —...

Google pushes back against DOJ’s ‘interventionist’ remedies in antitrust case

Google has offered up its own proposal in a recent antitrust case that saw the US Department...

If climate tech is dead, what comes next?

Humans have an innate desire to name things, but to be honest, we’re not always that good...

Hollywood angels: Here are the celebrities who are also star VCs

Becoming a venture capitalist has become the latest status symbol in Hollywood.  Everyone these days, from Olivia Wilde...

Meet Skyseed, a VC fund and incubator backing the Bluesky and AT Protocol ecosystem

On November 15, Peter Wang posted a message requesting ideas for a new incubator and fund to...

Sam Altman disputes Marc Andreessen’s description of AI meetings with Biden administration

Famed investor Marc Andreessen recently talked about meetings with Biden administration staff who gave him the impression...

EV startup Canoo places remaining employees on a ‘mandatory unpaid break’

Struggling electric van startup Canoo has placed its remaining employees on what it’s calling a “mandatory unpaid...