Watch your work-related email and social personas closely
Over the past year, we’ve seen a new trend emerge among cyber threats: Professional Channel Attacks. In the past, you only had to worry about your personal email and social channel security. Now attackers are creating elaborate schemes to steal information and money through work email and business-related social media channels, like LinkedIn.
Business Email Compromise (BEC) attacks are the most expensive problem now facing cybersecurity. In 2020, BEC scams cost the United States $1.8 billion in adjusted losses, according to the FBI Internet Crime Complaint Center’s (IC3) 2020 Internet Crime Report.
BEC and professional channel attackers are going to great lengths to create believable personas. They are creating fake profiles with emails, social media accounts, and even web pages that look legitimate.
In January, North Korean hackers created a fake blog with videos, as well as multiple Twitter accounts, to target security company researchers.
In February, Shark Tank’s Barbara Corcoran lost $400,000. Scammers impersonated an admin by using an email address that was only one character different from the real one. They succeeded in getting a fake invoice paid by her bookkeeper.
On LinkedIn, you could be invited to be a guest speaker at a conference with a handsome fee and all expenses paid, but replying to the invitation could open the door for personal and professional secrets to be stolen.
You might think that you aren't a high-value target in your organization, but that’s not always true. Employees like admins and senior executives are often sought out by scammers. Do you have a trusted relationship with a C-suite officer, decision maker, or bookkeeper? Be extra careful.
Here are a few tips to help you spot a potential scammer.
Beware of urgency
If someone is trying to get you to take action fast, take a pause instead. If you regularly expect emails from your boss or partners that require immediate action, try setting up personalized terms instead of using common phrases like ASAP or URGENT.
Verify every character in website, email, and mailing addresses. Double check phone numbers – including area codes. Don’t forget to look for extra characters, numbers replaced by words or characters replaced by numbers that have the same shape.
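One way to automate the character-by-character check above, as an added example that is not part of the original article: it flags a sender domain that is one edit away from a trusted domain, or that matches it once same-shape characters are collapsed. The trusted domains, the sample addresses, and the same-shape table are constructed assumptions.

```python
# Added example: flag sender addresses whose domain imitates a trusted one.
# TRUSTED_DOMAINS and every address below are constructed sample values.
TRUSTED_DOMAINS = {"example-corp.com", "example-bank.com"}

# Digits and letter pairs that share a shape with a letter (not exhaustive).
SAME_SHAPE = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(domain: str) -> str:
    """Collapse same-shape characters so 'examp1e' and 'example' compare equal."""
    d = domain.lower()
    for fake, real in SAME_SHAPE.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserted, deleted, or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address: str) -> str:
    """Return 'trusted', 'lookalike of <domain>', or 'unknown'."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for real in sorted(TRUSTED_DOMAINS):
        # Same skeleton catches shape swaps; distance 1 catches one-character changes.
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) == 1:
            return f"lookalike of {real}"
    return "unknown"


if __name__ == "__main__":
    for sender in ("ap@example-corp.com", "ap@examp1e-corp.com",
                   "ap@example-corps.com", "billing@exarnple-bank.com",
                   "news@unrelated.org"):
        print(f"{sender:28} {check_sender(sender)}")
```

A "lookalike" result is a reason to verify the sender through a separate, known-good channel before acting on the message.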
Beware of common tricks
Chances are, the IRS didn’t email you. They use the USPS. Watch out for scammers impersonating loved ones and professional contacts. Do your research on anyone making cold calls or sending emails that try to get you to share information.
It’s up to you to be wary at work. Always be cautious about who you trust on work-related social networks and email replies. If something looks suspicious, follow up with your cybersecurity officer or IT staff, or reach out to your coworkers for verification. It never hurts to get a second set of eyes on something before sending a large payment to an unknown vendor or business partner.