Over 78% of major European banks suffered a data breach in 2022.
Although the financial industry is the primary target of threat actors and scammers (who are looking for financial gain), they have been victimizing businesses in other sectors too.
For example, the Police Service of Northern Ireland was the victim of one of the latest breaches in Europe. Names, ranks, locations, and departments of officers were exposed after an Excel spreadsheet was accidentally shared online.
But how do the majority of attacks happen?
In most cases, they don’t even rely on advanced hacking methods. Instead, hackers write convincing phishing emails that impersonate people whom you trust or who have some form of authority over you.
In 2022, APWG recorded a record number of 1,270,883 phishing attacks — predominantly targeted at the financial industry.
Bad actors exploit employees to damage the company financially. They use credentials to get into your inbox, read confidential messages, steal sensitive data, and gain access to your company’s network.
The average cost of a single data breach for companies worldwide is estimated at $4.45 million.
So what can individuals do to protect both their personal finances and those of a workplace?
Here, we’ve selected some of the best basic but powerful email security practices that anyone can apply starting today.
1. Set Up a Strong Password
If someone got access to your email, what personal information could they find about you and other people? Would the emails they find be enough to access your banking account or even demand ransom?
The majority of cyber attacks occur because of weak passwords. This might be our most basic email security tip, but it’s worth noting since many people still neglect it.
How can you tell that your password is not strong?
Your email password is weak if it:
- Contains personal information such as first names, last names, addresses, phone numbers, your mother’s maiden name
- Is used for several different accounts
- Follows common patterns such as “12345”, “11111”, “password”, “qwerty”
- Hasn’t changed in months or even years
Some things you can do to strengthen your password are:
- Replace it regularly — change it every three months if possible
- Keep it long — use at least 13 different characters
- Add versatile characters — mix in lowercase and uppercase letters, special signs, and numbers
The longer and more complex your password is, the longer it takes hackers to crack it.
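The checklist above, turned into a small audit function. This is an added example, not code from the original article; the name `audit_password`, its parameters, and the reading of "every three months" as 90 days and of "13 different characters" as a minimum length of 13 are assumptions, and the sample password is constructed.

```python
import string
from datetime import date

# Patterns and thresholds taken from the checklist in the article.
COMMON_PATTERNS = ("12345", "11111", "password", "qwerty")
MIN_LENGTH = 13
MAX_AGE_DAYS = 90  # assumption: "every three months" read as 90 days

def audit_password(password, personal_info=(), other_passwords=(),
                   last_changed=None, today=None):
    """Return a list of findings; an empty list means no checklist item failed."""
    findings = []
    lowered = password.lower().replace(" ", "")

    # Personal information: names, addresses, phone numbers, maiden name.
    for item in personal_info:
        token = item.lower().replace(" ", "")
        if len(token) >= 3 and token in lowered:
            findings.append(f"contains personal information: {item!r}")

    # Same password used for several different accounts.
    if password in other_passwords:
        findings.append("reused on another account")

    for pattern in COMMON_PATTERNS:
        if pattern in lowered:
            findings.append(f"contains common pattern: {pattern!r}")

    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")

    classes = {"lowercase letter": string.ascii_lowercase,
               "uppercase letter": string.ascii_uppercase,
               "number": string.digits,
               "special sign": string.punctuation}
    for name, alphabet in classes.items():
        if not any(ch in alphabet for ch in password):
            findings.append(f"missing {name}")

    # Age check only runs when the caller knows the last change date.
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > MAX_AGE_DAYS:
            findings.append(f"unchanged for {age} days")
    return findings

if __name__ == "__main__":
    # Constructed sample input, not a real credential.
    print(audit_password("Smith12345", personal_info=["Smith"]))
```

An empty result only means none of the checklist items failed; it says nothing about whether the password has already appeared in a breach.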
2. Enable Two-Factor (or Multi-Factor) Authentication
Relying solely on your password is not enough. Even if a cybercriminal does steal your credentials or get them after a cyberattack, they shouldn’t easily be able to log into your email from a new device.
If they do, they can send invoices to people who trust you, get access to credentials that you once sent to your boss, or dig out your own sensitive information (such as health records).
Two-factor or multi-factor authentication (MFA) can detect illicit access. When a criminal tries to log into your account from another device, you’ll get a notification to either deny or approve their attempt.
Have MFA for every account that allows it — including social media and emails.
Multi-factor authentication adds another layer to email security. In cybersecurity, the more layers a cybercriminal has to go through, the stronger the protection.
3. Introduce Social Engineering Awareness Training
Emails are the number one vector that scammers use to drain your bank account. Some forms of social engineering that employees should be aware of are:
- Email phishing — fraudulent emails that urgently require the victim to take action
- Shoulder surfing — a person looking over your shoulder as you type in your passwords
Scammers use emails to send links to spoofed websites. They’re typically indistinguishable from a real website of a bank that requires a login. The main difference is that this version of the site records your keystrokes and sends criminals your credentials.
Another common financial scam that takes place in inboxes involves fake invoices from your CEO or a vendor.
In 2016, Mattel, a toymaker known for inventing Barbie, was the victim of a vendor invoice phishing scam. After receiving a falsified invoice from a Chinese vendor, the accountant wired a transfer of $3 million.
To prevent this and similar scams, companies invest in training that teaches the general workforce to recognize the signs of phishing emails.
Training is an integral tactic that improves email security. If you have a company, it’s important that every employee passes the phishing awareness training — from Kurtis in accounting to Chris in the IT department.
4. Be Selective Where You Share Your Email Address
Scammers can easily find your private and business email addresses on social media or corporate websites. But we also hand them out like candy to different applications and stores to get access and discounts.
True, unlike your social security number or bank account details, email addresses aren’t considered sensitive information, and with an email address alone a person can’t perform full-blown identity fraud.
What they can do is google the email address to find out more about your personal views, discover your private social media profiles, uncover public records (e.g. find criminal charges), and sometimes even dig out your physical address.
We also generously share other private information with the world on social media.
For example, we’ve seen many people sharing a PDF version of their CV on LinkedIn that contains an email address, a physical address, and a phone number.
When scammers do get your email address, you’ll probably become a repeated victim of phishing schemes — and more likely to download malware from infected attachments or log into a site where you give away your banking information.
More advanced forms of email phishing can fool even security experts. They might accidentally click on a link that lands in their inbox or share their credentials with a person claiming to be their boss.
Pro Tip: Instead of giving away your main email address, make another one to give to stores and use to log into applications.
Email Security Is Everyone’s Responsibility
If you have a business with a larger security budget, you have more advanced email security methods in place to safeguard your data and avoid major financial damage.
Regardless, basic email security practices that anyone within the company can apply can save you a lot of cybercrime-related headaches.
When criminals go after one’s finances, they target vulnerable individuals and unsuspecting employees first.
They kickstart their email scam using easy tactics such as sending an email that seeks an urgent wire transfer or manipulating a recipient into giving away their credentials.
Therefore, it’s important to foster a culture in which everyone understands their role in security and is aware of their cyber surroundings.