Toronto Police, in a recent press release, are warning businesses in the city about the “alarming rate” at which email fraud is increasing.
In the announcement, the Toronto Police made investment firms and other commercial businesses aware of the increasing rate at which cyber criminals are using a hacking technique known as ‘email compromise fraud’ to target businesses.
This isn’t just something that Toronto businesses should be concerned about, but all organizations across Ontario - particularly small and mid-size businesses that don’t have effective cybersecurity strategies in place. If you haven't already downloaded a copy, we invite you to download our Cyber Security 101 Guide below.
The scams, which target compromised email addresses, have caused significant financial losses for companies in the city, said Toronto Police. Businesses that are victims of this type of cyber attack are often hit with significant financial loss, reputational damage, downtime and lost productivity.
These scams typically occur in one of two ways:
- Cyber criminals hack into email addresses to impersonate a legitimate supplier or customer
This scam involves cyber criminals hacking into email addresses to pose as legitimate suppliers or customers. They then send fraudulent emails from the hacked email addresses to a business, requesting payments and asking that the money be sent to different accounts than those previously used.
Believing the request is legitimate, businesses then send money to the accounts controlled by the scammers.
- Cyber criminals hack into an email address of a company executive
The second commonly used email scam involves fraudsters hacking into the email address of a company executive. Fraudulent emails requesting payments are then sent to other people within the company, often those with the responsibility for processing payments.
When the employee believes these requests have legitimately come from a company executive, they send the money to the scammers.
Toronto Police offered some best practices to help businesses avoid falling victim to these email scams
In both of these cases, the fraudulent requests appear legitimate because the scammers use internal and personal information, familiar language and even verification steps (gathered by looking at a user’s emails and calendars) to ensure the emails look authentic.
In some cases, the cyber criminals would even reconfigure an email account’s settings to redirect specific incoming emails so that only they, and not the legitimate account holder, could see them, ensuring they could avoid detection.
With that in mind, Toronto Police offered some best practices to help businesses avoid these scams:
- Frequently monitor email servers for changes in configuration and settings for accounts of people who deal with payments and money transfers.
- Use further verification steps before making substantial payments or money transfers.
- Be wary of messages saying payments shouldn’t be verified first, because a person who would usually give authorization is claimed to be unavailable.
- Be suspicious of requests framed as being urgent and requiring immediate payment.
- Be cautious of new bank account information being provided by regular business clients or customers.
- Look closely at email addresses for any small differences in spelling or punctuation.
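The last check in the list, looking for small differences in spelling or punctuation, can be partly automated before a payment request reaches the person who processes it. The Python sketch below is an added example, not part of the Toronto Police release or any OT Group tooling; the contact list, the table of look-alike character pairs and the distance threshold are all assumptions chosen for illustration.

```python
import re

# Constructed allow-list: addresses the business has paid before (assumed data).
KNOWN_CONTACTS = {"accounts@northwind-supply.example", "j.smith@contoso.example"}

# Substitutions often used to imitate an address (assumed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(address):
    """Collapse punctuation and look-alike characters so imitations compare equal."""
    local, _, domain = address.strip().lower().rpartition("@")
    text = re.sub(r"[.\-_+]", "", local) + "@" + re.sub(r"[\-_]", "", domain)
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address, known=KNOWN_CONTACTS, max_distance=2):
    """Return (verdict, contact): 'known', 'lookalike' or 'unknown'."""
    addr = address.strip().lower()
    if addr in known:
        return "known", addr
    for contact in sorted(known):
        # Same skeleton, or within a couple of edits, but not an exact match.
        if skeleton(addr) == skeleton(contact):
            return "lookalike", contact
        if edit_distance(addr, contact) <= max_distance:
            return "lookalike", contact
    return "unknown", None


if __name__ == "__main__":
    for sender in ("acc0unts@northwind-supply.example", "j.srnith@contoso.example"):
        print(sender, check_sender(sender))
```

A "lookalike" verdict is a prompt to apply the further verification steps from the list before any money moves; it does not replace them, since a message sent from a genuinely compromised account will come back as "known".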
Need further help implementing a cybersecurity strategy for your business?
Small and mid-size businesses have fallen into the trap of believing that they aren’t a target of cybercrime. That would have been right maybe five or ten years ago, but smaller businesses are now actually the primary target of cybercriminals.
Cybercriminals know that the vast majority of smaller businesses don’t have visibility into their data, or the cybercrime strategies and cybersecurity best practices in place to properly protect their organization.
That’s why, in the past few years, they’ve become target number one.
Does this sound like your organization? If so, it’s crucial that you implement an effective cybersecurity strategy right away. To do so, consider working with a managed IT services provider or IT solutions specialist to gain some expert help.
Here at OT Group, for example, we can help your business develop a cybersecurity plan and implement an end-to-end cybersecurity solution (such as Field Effect’s Covalence) that gives you complete insight into your company’s vulnerabilities and how to fix them.
Interested in learning more? Get in touch with OT Group today.