How to stay safe from Email Compromises, Mobile Apps & Data Scams?

Simplest approach is to cut greedy fat as much possible. In past years, Business Email and Mobile App Compromise schemes have caused billions in total losses to thousands of enterprises around the world, according to the US crime agency FBI. Since January 2015, there has been a 1800% increase in identified exposed losses, amounting to huge losses per scam. The potential damage and effectiveness of these campaigns compelled US FBI to issue a public service announcement detailing how Email Compromise scams work and how much damage it can cause to targeted employees and companies – in both private and public sectors.

The FBI defines Business Compromises as a sophisticated email and app scams that targets businesses working with foreign partners that regularly perform wire transfer payments. Formerly known as the Man-in-the-Email scam, Email Compromise typically starts when business executives’ email accounts are compromised and spoofed, with the fraudster sending emails to an unknowing employee instructing them to wire large sums of money to foreign accounts and many other creatively smarter scams.

While many cases involve the use of mobile malware, Email Compromise schemes are known for relying purely on social engineering techniques, making them very hard to detect. Recent incidents showed how employees were duped by emails masquerading as legitimate messages coming from company executives asking for information. In recent times, even big brand email operators are involved in end user’s email data breach / mining, surveillance and abuse, in association with governments and large private conglomerates.

Businesses, especially SMEs, are advised to educate employees on how Email Compromise scams and other similar attacks work. These schemes do not require advanced technical skills, use tools and services widely available in the cyber criminal underground, and only needs a single compromised account to steal from a business. Some tips on how to stay safe from these online schemes:

Carefully scrutinize all emails. Be wary of irregular emails sent by high-level executives, as they can be used to trick employees into acting with urgency. Review and verify emails requesting funds to determine if the requests are out of the ordinary.

Raise employee awareness. While employees are a company’s biggest asset, they can also be its weakest link when it comes to security. Commit to training employees, review company policies, and develop good security culture.

Verify any changes in vendor payment location by using a secondary sign-off by company personnel.

Stay updated on customer habits, including the details, and reasons behind payments.

Verify requests. Confirm requests for fund transfers when using phone verification as part of 2-factor authentication, use known familiar numbers, not the details provided in email requests.

Report any incident immediately to law enforcement and file complaint with your service provider using direct and non-digital methods.

Avoid using tools like mobile apps or fancy desktop apps for email send / receive and other critical transactions.

Choose Custom Mail Servers operated by ethical operators and service providers, prefer SSL Secured with managed firewalls. We suggest manual servers of OSS Prime Linuxers

Ref. Trend Micro / osspl.com

Leave a Reply

Your email address will not be published. Required fields are marked *

PS PHPCaptcha WP

You may also like:

Linux Software Startup Technology

Search based on Apache Solr / CMS to fight Goopoly

With Goopoly and its ventures getting malicious, its high time switching back to alternatives like bing, yahoo, duckduckgo, baidu, yandex etc to nib Nazi-like predators. Or even get your own new KoPoly search engine running in the cloud.

Read More
Automobiles Climate Manufacturing Technology Transport

Panasonic Photovoltaics solar roof Cars in Japan

China has also made big strides in green energy. Last year, the country doubled its total of electric vehicles to become the world’s largest EV market. Other developing ones are catching up.

Read More
Education Linux People Software Technology

Why should all kids learn Linux, Unix or BSD?

Though most parents recognize the need to integrate more awareness of technology into their kids’ lives, but their solution seems to be tablets or curvy mobiles with games or branded apps, which seem to end up stifling creativity more than promoting it, apart from pushing them into traps of malicious hardware / software restrictions.

Read More