The only way to fully protect yourself from the threat of fraudulent email is to unplug your computer. Chris Aeilts, a sales engineer with SDN Communications, jokingly made that point Oct. 23 during the Better Business Bureau’s seventh annual cybersecurity seminar in Sioux Falls.
Of course, shutting down your computer system isn’t a realistic option for most businesses any more. Online connectivity has become too important to commerce at all levels. So, organizations have to do their best to make sure cyberthieves who use email to scam people don’t deceive employees. For example, they may try to get them to pay fake invoices, give out sensitive company information or click a virus-infected link.
“Be suspicious of everything,” advised Arica Kulm, a cyber intelligence analyst with the South Dakota Fusion Center in Sioux Falls.
Scam emails often come out just before holidays or a weekend, Kulm said. But she warned not to be rushed into responding to messages that seem suspicious.
“If it seems fishy, it probably is,” she said.
Aeilts, Kulm and Jodi Gillaspie were the featured speakers at the BBB seminar. Gillaspie is the director of the Division of Consumer Protection, which is part of the South Dakota Attorney General’s Office.
This year’s cyber program focused on fraudulent email, or Business Email Compromise, as law enforcement agencies categorize the crime. BBB considers Business Email Compromise, or BEC, the top cyber threat confronting businesses.
BEC can take many forms, but it usually involves a scammer posing as someone else in an email that comes from a spoofed or hacked site.
Email scammers have bilked U.S. businesses and organizations out of more than $3 billion since 2016, according to the BBB, and the cyber thieves have tried to get billions more. An investigative study by the BBB found that email fraud has tripled over the past three years and jumped 50 percent during the first quarter of 2019 compared to the same period in 2018.
“Ten years ago, you couldn’t get businesses to talk to each other, typically, about what was ailing them. Now we’re coming together, talking about how we can combat these things,” Gillaspie said.
Scam emails often originate from countries such as Nigeria, Aeilts said, but fake messages have gotten more difficult to spot. That’s because criminals have improved the spelling and grammar in their messages. In addition, the email addresses they use often closely resemble the addresses of legitimate parties.
Recipients of a suspicious email should closely examine the sender’s name, address and other details, Aeilts said. They also should consider whether they were expecting a message from the sender and whether the message seems to carry an artificial sense of urgency.
If recipients intend to double-check with the sender of a suspicious message, they should verify the address independently, not just rely on the contact information provided in that message.
Businesses should have policies in place, in advance, that require a second person to sign off on requests for payment.
People who think they’ve been victimized should contact their bank, report the incident to law enforcement and file a report online with the Internet Crime Complaint Center, or IC3, she said.
Jessie Schmidt, state director for the BBB in South Dakota, also encourages victims of other fraudulent email tactics to report incidents to local law enforcement.
“If you don’t report it, you have no chance of helping yourself and just set yourself up to be a victim again,” she said.
Victims should not feel flattered or embarrassed to have been targeted in an attack, Schmidt added.
“You’re not the first victim they picked on today. They sent out 100,000 emails, and they only need a couple of people to bite on it,” she said.
SDN Communications, Avera McKennan Hospital & University Health Center and the KELOLAND Media Group sponsored the event. Approximately 60 people attended the free event at Avera Pasque Place, which was emceed by KELOLAND News’ Brady Mallory.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.
To help share the important information presented about Business Email Compromise, we recorded the event in its entirety. Watch the video below and use the links on the right of the player to navigate between presentations.