With cybersecurity attacks on the rise, many companies find it difficult to maintain cyber hygiene in the work environment around them.
A national Cybersecurity Awareness Survey conducted by CSA in December 2020 showed that about four out of 10 respondents had succumbed to a cyber incident at least once throughout the year (CSA, 2021).
Oftentimes, cyber-attacks occur via e-mail as it is a tool that can be used to communicate with external organisations.
How does someone ensure that his work e-mail is not hacked into? Is everyone in the company on guard and able to identify every spoofed e-mail address which enters the inbox?
E-mail address spoofing is a type of phishing attack where victims usually receive e-mails from forged e-mail addresses. It used to be that spoofed e-mail addresses were easier to identify. However, times have changed.
Work has become increasingly fast-paced and demanding. As people work towards completing the tasks they have before the end of the day, most of them may forget to check and clarify certain e-mails.
Imagine this scenario. Alex receives an e-mail from a business partner, ABC, requesting payment with regard to an invoice sent. As Alex’s company does business with ABC very often, he does not give it much thought and proceeds to have the finance team wire the money.
What if it turns out that ABC did not send the e-mail?
Upon second look, Alex realises that the e-mail address that was supposed to be from ABC contains a misspelling.
This is an example of a spoofed e-mail address.
According to a Straits Times article posted on 21st May 2022, at least 149 people fell victim and believed that these spoof work e-mails were legitimate (Woon, 2022). This led to a loss of at least $70.8 million since the start of 2022.
The victims would have received e-mails telling them of a change in bank account number and requesting that payment be made to other bank accounts.
However, this is only the tip of the iceberg. The people behind these e-mail address spoofing attacks are getting smarter and are finding ways to make spoofed e-mail addresses look the same as the original e-mail addresses. The best thing to do when one is unsure is to clarify with the other party who supposedly sent the e-mail.
According to Microsoft, Business E-mail Compromise (BEC) is a type of phishing attack targeting organisations, with the main aim of stealing money or sensitive information. Unfortunately, at least 93 people have fallen victim to this type of scam within 3 months from January to March 2022. According to a Straits Times article posted on 29th July 2022, these victims have lost at least $56.2 million to BEC scams (Lim, 2022).
The scam involves e-mails that were supposedly sent by colleagues, business partners, or suppliers of the victims. The e-mails usually inform the victims of a change to their company’s bank account number.
As a result, the scammers who took control of these contacts’ e-mail addresses managed to get a large sum of money.
While BEC may be a result of e-mail address spoofing, it may also be a result of a work e-mail address being hacked into. Therefore, organisations are strongly encouraged to enforce the use of 2FA (two-factor authentication) and to regularly change passwords to reduce the risk of compromise.
Another way for organisations to defend themselves against e-mail cyber threats is to install Microsoft Defender for Office 365.
Organisations can protect messages with Microsoft Defender for Office 365, a cloud-based email filtering service that helps protect against advanced threats to e-mail and collaboration tools. It can help organisations reduce the risk of BEC and e-mail address spoofing.
To learn more about Microsoft Defender for Office 365 and how to utilise it, do join us for our free upcoming webinar which will be held next week! Scan the QR code below to register.
In this webinar, we will share information regarding the following:
Technology is becoming more advanced with digitalisation and globalisation. While a lot of these technological advancements bring about positive developments in the modern world, it should not come as a surprise that there will also be a shadow of threat looming in the background. Everyone should always be wary and ensure that important data is always safeguarded using the necessary software and devices.