Criminals Hacking Into Buy Orders Of Businesses Via Emails
By Paul Liu
Monday, March 20th, 2017
Atlanta-based security firm SecureWorks Inc. has come across a disturbing trend that is sure to unnerve businesses all over the world. According to data collected by the firm, cyber criminals are increasingly hacking into purchase orders via email to commit fraud and theft. These business email scams are not only sophisticated, they are also far more difficult to detect and stop than the usual email-based scams. The news was first reported by The Wall Street Journal, which also highlighted the modus operandi used by the criminals and how small and medium-sized businesses are increasingly becoming victims of such scams.
According to the details supplied by SecureWorks, these scams start with the hacking of either the buyer’s or the seller’s email account. By breaking into a business email account, criminals are free to scan for any high-value transaction across the entire buyer-to-seller email chain. They also set up mail-forwarding rules that send mail to their own accounts first and then to the intended recipients. When the hackers spot a purchase order, they alter the order details and ask the buyer to send money to a bank account they have set up.
Experts say that such scams are now popular because banks have become a lot more vigilant about financial fraud. Most banks now have robust security mechanisms in place, so the criminals have shifted their attention to small and medium-sized businesses. The Wall Street Journal reports that the frequency of business email scams is increasing with each passing year. This has been validated by the FBI, which published a report in June highlighting a 1,300% increase in such crimes in the last one year. The report also revealed that business email scams have affected more than 14,000 businesses in the US since 2013 and have cost organizations over 1 billion dollars.
SecureWorks says that businesses’ over-reliance on webmail, the cloud-based email solutions offered by most hosting providers, is one of the reasons why such scams are flourishing. Webmail is far cheaper, and easier to break into, than dedicated enterprise-grade email solutions, which offer an almost bulletproof level of security. SecureWorks recommends using dedicated email servers to send and receive business emails in order to remain safe from such scams. If buying a dedicated email server doesn’t fit in your company’s security budget, you can rent such solutions at very cheap rates.
Apart from using dedicated email servers, you can do a lot more to protect your business from email scams. For instance, you must enforce the use of strong passwords for business email accounts and reinforce them with two-factor authentication. Also, make sure to double-check all purchase orders, especially if they appear suspicious or contain new payment instructions. Security experts also recommend using Virtual Private Networks in conjunction with enterprise-grade anti-virus and anti-malware solutions to secure all business networks. As a business owner, you must be aware that criminals are constantly coming up with new ways to scam you, so remaining vigilant and investing in enterprise-grade security is your best option.