You just received an email from the boss instructing you to make a wire transfer to pay an invoice the company owes. STOP. How sure are you it came from the boss? And if it came from their email address how do you know their email account has not been breached.

Recommendation: Never approve a financial transaction via email

Many financials scams start with an email. They may impersonate a boss, coworker, employee or a vendor. The type of scams is endless and the attacks continue to become more sophisticated.

Friendly Name Can Be Anything a Scammer Chooses

The friendly name or the name right before the actual email address can be set to anything. In many email applications they don’t show the actual email address, just the friendly name. This leads to more end users being tricked.

Email History is a Scammers Roadmap

If the scammer has breached an email account they can not only send their scam email as that individual but can also view the email history looking for ways to make their email more believable. After a breach we have seen scammers use real invoices but with an alternate bank account or note they are out of town thus needing a wire transfer to go through right away.

Once an email account is breached the email history becomes a roadmap for scammers.

Two Factor Authentication

To protect your email account always use two factor authentication. This is the log in process of after putting in your password it will send a code as a text or to an authentication app to complete the login.

Advanced Email Threat Protection

We recommend all companies add additional protection to their email accounts. Tech Dispatch uses our Advanced Email Threat Protection application to perform added scanning and blocking of scam emails. With this service we can block countries, domains and specific email addresses. We can also set up impersonation filters which will add a “Possible Impersonation” to the subject line of the email.

Conclusion

It is never safe to authorize any payment, wire transfer or financial change via email. Back up communications such as a phone call or text message should always confirm the payment. We recommend use of two factor authentication and complex passwords for all email applications to better protect from a breach. Adding an additional email threat filter program is also a must in today's threat environment.