On Thursday, May 5, 2016, an email security breach hit Yahoo!, Gmail, Microsoft, and some other large corporations. Experts are calling this the biggest attack since the cyber-attacks that hit banks and major retailers two years ago. The attack affected more than 97 million people! Infiltrating emails has been the MO of choice for cyber criminals. Recently, one specific type of scam has been dominating: imposter emails.
Imposter emails, also known as “business email compromise,” are targeting companies of all sizes. The FBI has been investigating these attacks and found that more than 17,000 companies have been affected since 2013 and that criminals have been able to steal more than $2.3 billion worldwide.
Proofpoint has done significant research on imposter emails and they break them down into four different types:
- Spoofed Names: The name in the “from” field of an email is usually that of an executive in the corporation; however, the email address is from an outside source such as Gmail, Hotmail or Yahoo and belongs to the attacker.
- Reply-to Spoofing: The “from” name and the “reply-to” name are those of real executives in the company; however, the “reply-to” email address is that of an imposter.
- Lookalike Domain: The attacker uses an email address so similar to an executive's email address that it is sometimes impossible to notice any difference at first glance.
- Spoofed Sender: The imposter uses the name and email address of the executive, but the email does not contain a “reply-to” address.
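The four types above differ mainly in what the “from” and “reply-to” headers contain, so a mail filter can sort a message into one of them. The sketch below is an added example, not Proofpoint's code or part of the original article; the company domain, the executive directory, the edit-distance threshold of 2 and the `authenticated` flag are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only; none of these come from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> real address

def edit_distance(a, b):
    """Levenshtein distance, used to flag near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw, authenticated=False):
    """Return the imposter type the headers suggest, or None.

    `authenticated` is an assumed input: True when the receiving mail
    gateway has verified that the From address was not forged.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    real = EXECUTIVES.get(name.strip().lower())
    if real is None:
        return None                      # display name is not a protected executive
    addr, reply_to = addr.lower(), reply_to.lower()
    domain = addr.rpartition("@")[2]
    if domain != COMPANY_DOMAIN:
        # Executive's name on an outside address: near-miss domain or plain outsider.
        near = edit_distance(domain, COMPANY_DOMAIN) <= 2
        return "lookalike_domain" if near else "spoofed_name"
    if reply_to and reply_to != real:
        return "reply_to_spoofing"       # replies are diverted to another mailbox
    if addr == real and not reply_to and not authenticated:
        return "spoofed_sender"          # real name and address, forged origin
    return None

# Constructed sample messages, one per type described above.
SAMPLES = {
    "spoofed_name": "From: Jane Doe <jane.doe.cfo@gmail.com>\n\nWire request",
    "reply_to_spoofing": "From: Jane Doe <jane.doe@example.com>\n"
                         "Reply-To: Jane Doe <jdoe@mail-example.net>\n\nW-2 forms",
    "lookalike_domain": "From: Jane Doe <jane.doe@examp1e.com>\n\nWire request",
    "spoofed_sender": "From: Jane Doe <jane.doe@example.com>\n\nWire request",
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(expected, "->", classify(raw))
```

A spoofed-sender message looks identical to a genuine one in these two headers, which is why that branch depends on the gateway's verification result rather than on the header text.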
In Proofpoint's research, they learned that CFOs were targeted the most, at 47%, followed by human resources, finance, payroll, COO and specialists. The number one email topic used by the imposters was tax information and wire transfers.
What is most challenging is that, many times, the company or organization does not even realize there is a problem; everything seems to be “business as usual” until it’s too late and millions of dollars have been stolen.
Here are a few ways to protect yourself and your company from these attacks:
- If you get an unsolicited email from a business, even one you’re very familiar with: don’t immediately respond or click on any attachments or links. Instead, verify the email is legitimate.
- If you get an email from someone you know telling you to click on a suspicious link or an attachment: before opening the link, call the person back or send an email of your own (not a reply) to confirm whether the email is really from the real sender.
- If you’re asked to turn over control of your computer to someone from “tech support”: be sure to confirm the person is a legitimate representative of a computer company whose hardware or software you use.
Proofpoint is one of the best email security tools out there and has a strong clientele. If you want to learn more about how Proofpoint can help your organization, reach out to your sales manager today.