(REUTERS/Kacper Pempel )
Many email scams are effective because they are so easy, a new report.
Approximately 60 percent of the business e-fraud is not a malicious link, but rather a plain text message that can be surprisingly effective when the wording and context seem to be authentic, according to a report released Thursday by Barracuda Networks.
“The attack is just a plain text email intended to fool the recipient to commit a bank transfer or sending of sensitive information,” Barracuda said in its report. Phishing e-mail, on the other hand, usually try to click on a malicious link.
HERE ARE A FEW OF THE BEST FREE ANTI-VIRUS PROGRAMS FOR PC AND MAC
The problem is, fake-text e-mails are difficult for e-mail security systems to detect because they are often sent from legitimate email accounts and do not contain any suspicious links, Barracuda added.
Companies as targets
Fraudulent e-mails are normally in the so-called Business e-Mail Compromise or BEC, where the attack resulted in billions of dollars lost to fraud the past few years.
More than 78,000 people BEC complaints are worldwide between October 2013 and May 2018, with more than 41,000 victims in the United States, the FBI said in July.
Business e-fraud, as defined by the Barracuda in its report, that works like this: Criminals get first access to a corporate e-mail account, then impersonate the owner of the identity, and purpose to employees, customers or partners who have access to company finances or payroll data and other personally identifiable information.
One of the most common attacks attempt to trick a recipient into doing a wire transfer to a bank account owned by the attacker, according to Barracuda, which compiled statistics for 3,000 randomly selected BEC attacks in its report.
SPAM, A POPULAR VEHICLE FOR MALWARE, IT STILL TRICKS PEOPLE
The attacks sometimes (in about 12 percent of the cases) are trying to establish in relationship with the target audience. For example, the attacker will ask the recipient if they are available for an urgent job, and then, in the majority of cases will ask for a bank transfer, Barracuda said.
These e-mails are of a disarming simplicity. An actual e – mail with the names changed to protect the victim – that Barracuda cited said this:
Are you in the area? I need to send a wire transfer Z. S. M. a supplier.
Another fake e-mail said:
Subject: Invoice due number 381202214
I’ve tried to reach you by phone today, but I couldn’t get through. Please get back to me with the status of the invoice below.
FACEBOOK SCAMS ARE ON THE RISE, NEW REPORT SAYS
“Wire transfers should never go outside without a personal meeting or a phone call,” said Barracuda.
And if a request comes from a high-level executive like a CEO, the request must always be confirmed because they are, in many cases, it is unusual to receive a personal e-mail of senior executives.
On the basis of the report of the results, approximately 43 percent of the impersonated senders were the CEO and founder is. C-suite positions such as CEO or CFO can provide valuable context when you try to dupe payroll employees, for example, in the handing over of sensitive information.