Ep. 199 Email Scams Compromise Business Security
Rancho Mesa's Alyssa Burley and Account Executive Jeremy Hoolihan talk about cybercrimes, specifically email scams that affect businesses of all sizes.
Show Notes: Subscribe to Rancho Mesa's Newsletter.
Director/Producer/Host: Alyssa Burley
Guest: Jeremy Hoolihan
Editor: Lauren Stumpf
Music: "Home" by JHS Pedals, “News Room News” by Spence
© Copyright 2022. Rancho Mesa Insurance Services, Inc. All rights reserved.
Transcript
Alyssa Burley: Hi, this is Alyssa Burley with Rancho Mesa Media Communications and Client Services Department. Thank you for listening to today's top Rancho Mesa News, brought to you by our safety and risk management network, StudioOne™.
Welcome back everyone, my guest is Jeremy Hoolihan, Account Executive with Ranch Mesa. He specializes in the janitorial and maintenance industry. Today, we’re going to talk about cybercrimes, specifically email scams that can affect businesses of all sizes. Jeremy, welcome to the show.
Jeremy Hoolihan: Hi Alyssa, it’s great to be back to StudioOne™.
AB: Now, business owners often think they don’t need to be worried about cybercrimes because they’re either too small to be targeted by a scammer, or they’re so large that their IT department wouldn’t allow a hacker to get into their network. And, both of those rationale can be costly. Jeremy, should business owners be concerned with this type of threat?
JH: Absolutely Alyssa, you know, cybercrimes are at an all-time high. You know, most news sources report cybercrimes almost on a daily basis with most of the press relating to company breaches and cyber extortion. However, one of the biggest cyber threats that is often overlooked is called Business Email Compromise or BEC.
BEC is a type of email cybercrime scam in which an attacker targets a business to defraud the company. BEC attacks use real or impersonated business email accounts to defraud employees. In fact, in 2020, BEC scammers made over $1.8 billion, which is far more than any other type of cybercrime
AB: And I believe it. While we have software that blocks a lot of these types of spam emails, we have a few that do get through. And, it’s important for everyone here to know what those scams are and how to spot them. How do BECs work?
JH: Well, in this type of cybercrime, the scammer sends an email that looks like it came from someone the recipient knows, like a superior or a co-worker, and asks them to do perform a task. For example, the email may request a change to a vendor’s mailing address so future payments are sent to the scammer and not to the actual vendor, or, you know, an employee may be asked to purchase gift cards for a charity auction or employee rewards and then ask for the serial numbers of the cards so that the scammer can use them without ever having to actually have the physical card. And another example would be, a client is sent an email with wire instructions for payment of an invoice that appears to come from your company, but instead it’s actually the scammer’s bank account.
AB: For those who may not be very tech savvy, how are scammers able to make their emails look like they’re from someone else?
JH: Well, BEC scams use a variety of impersonation techniques. I’d say there’s 3 major trends out there right now. One being a spoofed email address or website which often is a slight variation from the legitimate address or URL. At a quick glance, the spoofed email address may fool the victims into thinking it’s authentic. However, upon a closer look, the “L” might be switched out for an “I” or an “o” for a “0.”
Another example would be phishing emails appear to come from a trusted sender in order to trick the victim into providing personal or confidential information like account numbers, usernames, personal identification numbers, passwords or answers to security questions. Then, the information is used to gain access to networks, accounts, and other data.
Third most common example is, Cyber criminals, you know, can infiltrate a company’s network using malicious software and gain access to networks and legitimate emails, often getting information about billing and invoices. This type of cybercrime is often unnoticed until it is too late.
AB: So, what do you recommend companies do to protect themselves?
JH: Well, I’d say first and foremost, I would recommend that they start with a Cyber Liability policy. You know, a comprehensive Cyber Liability policy will not only respond to BEC claims, but it can also provide coverage for other cybercrimes such as cyber extortion, cyber breach, and network security. Then, just make sure that your employees can spot a suspicious email, develop policies around wire transfers, passwords, etc.
AB: Jeremy, if listeners have questions about their cyber liability, what’s the best way to get in touch with you?
JH: I can be reached a couple different ways, my direct line is 619-937-0174 or jhoolihan@ranchomesa.com.
AB: Jeremy, thank you for joining me in StudioOne™.
JH: Appreciate it, thanks for having me.
AB: This is Alyssa Burley with Rancho Mesa. Thanks for tuning into our latest episode produced by StudioOne™. For more information, visit us at RanchoMesa.com and subscribe to our weekly newsletter.