Email initiated fraud is a significant issue for businesses both small and large, according to an article on the Australian website smallville.com.au.
It says that recently, with its public accountability procedures in place, a local government agency paid out over $450,000 in an email based invoicing fraud.
“The seed for these business attacks comes from personal or business information being stolen. Like the recently delayed announced by Yahoo where information from 500 million client accounts is now for sale.”
The author says there are tell-tail signs in emails of a social engineering scam, and gives businesses five actions five actions that will raise the awareness of employees to the nature of phishing hacks. “With effective security awareness training, there is typically a 14% reduction in the likelihood of an employee succumbing to a scam email.”
The first action is to review staff knowledge of scamming, using the “Red Flag” email checklist and cover of the 7 components:
- From Line; is the email from a known contact or outside my personal or business circle
- To Line; to me only or part of a CC list
- Date; did this email come in business hours
- Subject Line; is it relevant to the content
- Content; is the content business like or needs some link action, has the correct language
- Hyperlinks; embed links in the email is not to a reputable site or doesn’t match business site
- Attachment; mismatched attachment types to what is expected e.g.; .exe, .zip,
To find out more, read the article here.