Even though there are plenty of ways to communicate online, for most businesses email remains the number one communication tool even in 2020. However, the more emails you receive and open, the greater the chance of something with malware attached it is to slip by. Because of this, you need to find the safest email provider for your online business.
According to the 2019 Adobe Email Usage Study, 43% of Americans check their work email every few hours. Unfortunately, people often don't check twice what they click on and when it comes to online businesses, this can be devastating.
Many online businesses have had to learn this the hard way, as 85% of organizations have been victims of a phishing attack, according to Keepnet Labs and still, only 3% of users report a phishing email to the higher-ups.
What Tactics Do Cyber-Criminals Use?
What makes email security so difficult is the fact that scammers, hackers and other cyber-criminals don't use just one tactic to breach your email.
Most are familiar with the "Nigerian prince scam", the "Only remaining relative scam", so they keep their guard up when they see something like that, making these tactics less effective today.
This is why email scammers have had to adjust and to become much more sophisticated in their attacks, especially against businesses. To achieve this, scammers rarely use regular phishing tactics, but are making sure to better target their victims.
To better understand, here are a few more sophisticated tactics that cyber attackers use against online businesses:
Regular phishing is very simple to execute and costs next to nothing, but it's a hit-or-miss tactic that doesn't take much effort to figure out and avoid.
The main problem with normal phishing is that it casts a very wide net and is therefore not very targeted.
Spear-phishing, on the other hand, is. If we can say that a normal phishing attack is like casting a net and hoping to catch a lot of smaller fish, a spear-phishing attack is like using the phishing pole with the right bait to catch the big fish.
This type of phishing attack has become so prevalent today that, according to ProofPoint's 2020 "State of the Phish" survey, 88% of all their survey participants suffered a spear-phishing attack in 2019.
Another type of email attack online businesses can be victims of is the BEC or business email compromise attack.
This sophisticated email scam is the perfect example of how scammers use research to better target their victims. In a BEC attack, the attackers will first find a weak point, which is someone with access to the company funds and then impersonate that person.
According to the FBI, BEC comes in 5 types:
- CEO fraud - Where the hacker impersonates the company CEO or other high-level executive and sends emails to employees with access to company funds with requests for urgent (and usually private) money transfers.
- Impersonating an attorney - In which the scammer impersonates a lawyer to scare their victim with a lawsuit unless the victim sends them money.
- False invoice - Or, impersonating a supplier and requesting a money transfer to a fake account.
- Data theft - In this BEC attack, the scammer typically goes after the HR to find info about the CEO or other higher exec and then use that to scam them.
- Account compromise - Finally, the account compromise attack is a BEC attack in which the scammer hacks an employee's email and then uses that email to request payments from vendors.
How Online Businesses can Protect Against Email Scams?
Businesses lose millions of dollars every year due to email scams. If you own an online business, you too can be a victim of a phishing or scam attack that could cost your company money. Today it's not a question of "if" your company will be attacked, but "when."
In Q1 2020, SAAS and Webmail were the main targets for phishing attacks at 33.5%, followed by financial institutions at 19.4% and the payment sector third at 13.3%.
However, no industry or company, no matter how big or small, is immune to cyberattacks.
So how can you protect your online business from an email scam or malicious email?
Start by educating yourself and your employees on how to recognize an email scam or a phishing email. Most scams work because the victim doesn't look closely enough at the email they received, or opens something without thinking.
Always make sure that the email you got is really who they say they are and never allow yourself to be scared into doing something.
For instance, if the CEO suddenly emails you to make an urgent wire transfer to their account using the company funds and wants you to "keep it between you two", this should raise some alarm bells.
Double-check this with them over the phone, or with someone else in person. Unfortunately, as we already mentioned, only 3% of phishing attacks are reported to higher-ups.
It's important to report a phishing attack, even if you caught it so that, if a similar one is repeated, the next person in your position is also ready for it.
Of course, sometimes, no matter how careful you are at what you open, mistakes happen and that's why you can't rely solely on your catching malicious emails that way.
That's why you need to use the safest email service around, Liverado: Armored Email. With Liverado, your personal and business emails are protected with the strongest encryption at transit and at rest. This includes encryption for the body, subjects (on paid plans) and attachments.
Furthermore, Liverado also provides high-level virus protection, protection against brute-force attacks, multi-factor security, anonymized IP and much more.
If you are looking for the safest email provider to protect your online business, sign up today for a Liverado email account.