- Created: Monday, 24 May 2021
- Written by Tim Nicholls
Over 1 million email accounts get compromised each month. In the past if your email account was compromised it was probably just used for sending spam, if you were a victim, you would just reset your password and forget about it. Nowadays hackers are more sophisticated and are looking for a bigger payoff. Below are several costly actions a hacker might carry out if they gained access to your or a colleague’s email account.
Change of bank account notification for salary payments
The hacker will email the person in your organization responsible for payroll with a change of bank account notification. Since the email is from your actual email account, not a forgery, they will not be able to tell it was sent by the hacker.
Change of bank account notification your customers
The hacker will email your customers with a change of bank account notification. Since the email is from your actual email account, not a forgery, your customers will not be able to tell it was sent by the hacker.
Intercept supplier invoice
The hacker will intercept a legitimate invoice from one of your suppliers and change the bank details to a bank account they control.
Other social engineering
The hacker will email your colleagues with attempts to get a further foothold within your organisation. Either malicious documents infected with malware or phishing to compromise more email accounts.
How can you protect yourself and your organization?
Multi Factor Authentication (MFA)
The best protection is to enforce MFA on all email accounts in your organization. Both Microsoft 365 and Google Workspace have policies you can enable to force everyone to set it up.
Most successful attacks involve human failure at some level. Make sure your staff are aware of the risks, understand how these attacks work, the warning signs, and who to report them to. The UK’s National Cyber Security Center has some free training that is quite good
Ensure your organization’s, suppliers’, and customers’ processes all include verifying any bank detail change via two independent methods.
Recovering from a cyber incident could be ruinous to many organizations. Consider taking out cyber insurance to make sure you can get back on your feet.
Engage telanova as your IT team and we will advise you on appropriate security strategies for your organization and implement them.