The 4 Worst Email Scams of 2017; Are You Next?

Posted by Steven Vigeant on 7/11/17 8:00 AM

2017 hasn’t even reached its halfway point and already it’s been a banner year for email scammers. The hackers may be rejoicing, but if you or your company has been on the receiving end of an email-based cyberattack, it’s hardly something to celebrate.

According to the FBI, email scams have been hitting American businesses hard, to the tune of a half a billion dollars per year. And the pace doesn’t seem to be slowing for 2017.

If your company hasn’t fallen victim to an email scam this year, count yourself lucky. Up to 85 percent of organizations have suffered phishing attacks, according to one report. (Phishing is the blanket name for the most common form of email scam.)


Email scams can be devastating for companies large and small. Here are a few of the most damaging and high-profile attacks of 2017 (so far).

W-2 Scams Target Companies and Individuals

What happened: In February — primetime for companies and individuals to start work on their tax returns — the IRS issued a warning. Organizations throughout the country had reported receiving fraudulent emails aimed at stealing employee W-2 information.

Typically, these scammers used spoofing techniques to disguise their emails as coming from high-level executives. They targeted HR personnel and asked for lists of employees and their W-2 forms — and in the worst cases, followed up with requests for wire transfers.

The damage: As of early February, the scam had claimed nearly 30,000 victims. One company in California allowed the tax information for about 800 employees and former employees to fall into the hands of criminals.

Even Giants Fall for Phishing

What happened: In March, the U.S. Justice Department announced the arrest of a Lithuanian man for impersonating a supplier and scamming two American tech firms out of $100 million. In April, Fortune reported the victims were far from small game. They were Google and Facebook, two of the largest and most powerful technology companies on the planet.

The hacker, Fortune reported, “Forged email addresses, invoices, and corporate stamps in order to impersonate a large Asian-based manufacturer with whom the tech firms regularly did business.”

The damage: Facebook and Google both say they recovered most of their funds. Harder to recover, though, is the loss of face from falling victim on such a large scale to a single man with an email account. Any company whose business model relies on keeping its customers’ private data secure does not want to show up in the news as the target of a successful scammer.

Scammers Impersonate CEOs

What happened: In March, Israeli police, in conjunction with the FBI, rounded up 20 people connected to a global hacking operation. The scammers had been posing as high-level executives, authorities say, and asking lower-level employees to initiate wire transfers.

Thinking they had been given a great responsibility by the CEO or another top executive, many of these employees unwittingly wired huge sums of money right into the scammers’ bank accounts.

This type of attack — which relies on people’s natural deference to authority — is on the rise. The FBI issued a warning about the dramatic increase in CEO fraud in 2016.

The damage: From October 2013 through February 2016, the FBI says it received 17,642 reports of business email compromise scams (a form of whaling). Combined, the incidents cost American businesses $2.3 billion.

Hackers Target Gmail Users

What happened: Google again found itself tied up in an email scam in May — this time as the company being impersonated. Google said it was investigating a rash of fraudulent emails containing what looked like links to shared Google Docs.

Users would receive the emails, masked to look like they were from familiar senders. When they clicked on the links, they were taken to a landing page asking them to authorize third-party access to their private account information. That includes passwords, the contents of email, contacts, and anything else they used through a Google service.

Needless to say, scammers can have a financial field day with that kind of data.

The damage: Google says it has removed the accounts responsible for the offending emails. It’s not clear how much damage they caused. But as hackers gained access to their victims’ email contacts, they gained access to new victims.

The scam could have spread across the internet like wildfire.

How to Stop Your Company From Becoming the Next Victim

What’s the common thread in all these high-profile email attacks? In each case, the scammers used hard-to-spot techniques to disguise their identity and motives and take advantage of their targets’ trust and carelessness.

As email scams grow more and more sophisticated, users at every level of every company need to become more aware of the threats and their cost. They need to learn to pay closer attention to the messages they receive and who they’re from.

This starts with education. For pointers on teaching your employees strategies to prevent phishing, read our recent blog post, “5 Tips for Teaching Your Employees What Not to Click.”

Your second level of defense is technological. An expert outsourced IT provider can set you up with the latest software and hardware controls for maintaining the security of your company’s email system. Learn more about what an outsourced IT provider has to offer in our free ebook, “The Ultimate Guide to IT Outsourcing.”

Topics: IT Security, Email