Impostor email scams are attractive to cyber-criminals who want a simple strategy that gives them high returns. What types should you be aware of?
Business Email Compromise (BEC) scams are growing more prevalent as cybercrime incidents increase across the board. With cyber-criminals eyeing up more businesses than ever before, it’s wise to be aware of the different varieties of impostor email threats you might encounter in work.
Security firm Proofpoint put together this useful infographic with some vital knowledge that everyone should be arming themselves with to avoid falling victim to cybercrime.
According to Proofpoint, impostor email threats have hit more than 70,000 companies since the FBI’s Internet Crime Complaint Center began tracking this variety of scam in late 2013. Although many messages can be easily detected as phishing scams, the ones that slip through the cracks could cost millions in fraudulent transfers.
Four main types of impostor emails
There are four main types of BEC scams. The first is ‘spoofed name’, whereby the name of the executive is in the ‘From’ field of the email but the address is an outside email account belonging to an attacker.
‘Reply-to spoofing’ is where the ‘From’ name, address field and ‘Reply to’ name looks legitimately like one of your colleagues, but the ‘Reply to’ address field actually belongs to a cyber-criminal.
‘Lookalike domain’ attacks are when the attacker’s ‘From’ address is close enough to your real colleague’s address, which can fool recipients on especially busy days.
‘Spoofed sender’ attacks use the name and email address of the spoofed colleague but the email doesn’t contain a ‘Reply to’ address. Figures from Proofpoint show that 75pc of these attacks are ‘Reply to’ spoofing scams.
CFO is the prime target
In terms of who is targeted within a company, it makes sense that the CFO is in the crosshairs 75pc of the time – they do control the purse strings, after all. HR is the second most likely to be affected by a BEC scam.
Topics employed by cyber-criminals to get your attention in that all-important subject line include tax information, wire transfer and, of course, the term ‘urgent’.
Proofpoint advises users to exercise vigilance when it comes to their inbox and check all fields carefully before replying. It’s important that your business cybersecurity strategy involves awareness from all staff, and a program to auto-detect these scams can also work wonders in terms of protecting your business.
For more information, check out the infographic below.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.