Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
When it comes to stopping email-based threats, malware and email filters will only get you so far.
In a recent study of 3,500 organisations, it was revealed that whilst such tools can be effective at removing most emails containing malware, a range of other dangerous emails regularly manage to evade such filters.
The emails successfully getting through to staff inboxes often end up sitting there for up to three days before IT or security teams remove them. Delays occur due to a lack of investigative tools, limited security resources and a lack of employee awareness. Such delays are extremely problematic, because the longer dangerous emails sit in staff inboxes, the higher the chance that a staff member will accidentally mistake it for being legitimate.
On average, organisations with over 1,100 employees experience 15 incidents per month in which dangerous emails bypass security filters.
The types of emails that are avoiding filtering tools tend to be those that are smaller in scale and don’t contain malware, but are nonetheless dangerous because they attempt to deceive your staff. These emails tend to be highly targeted and focus on a small number of individuals within the organisation. Examples may include emails that engage in Social Engineering, Business Email Compromise (BEC) or Vendor Email Compromise (VEC) attacks.
The key take-away from the study is that when it comes to protecting your organisation from email threats, filtering tools alone are not sufficient.
Financially motivated scammers regularly use email as a vehicle to carry out fraud. They may infiltrate your suppliers’ email accounts and manipulate invoices. Alternatively, they may compromise management emails within your own organisation to issue fake payment instructions to the Accounts Payable (AP) team. Either way, never assume that such emails will be blocked by filtering tools.
Even though such emails represent a threat to your organisation, the fact they don’t contain malware hidden in malicious links or attachments means that filters are unlikely to flag them.
Preventing harm to your organisation from such emails requires a system that alerts you to attempted fraud.
The first step in mitigating the risk of email-based fraud is staff awareness.
You need to ensure that your entire AP team understands that scammers are constantly resorting to devious tactics in order to deceive them into processing illegitimate payments. Your AP team should adopt a zero-trust approach to email and never assume any email correspondence is legitimate.
However, even the best trained staff can fall victim to particularly deceptive scammers. Using widely available tools, scammers now have the ability to generate fake emails that are so realistic, they are almost impossible to detect. It’s now relatively easy for scammers to recreate corporate logos, signatures and even spoof email addresses, all in an attempt to deceive AP staff.
eftsure’s unique solution enables your AP team to efficiently verify payments in real-time. Our fraudtech platform protects your organisation by verifying the banking details you use to process EFT payments. Ensuring these details are accurate and up to date gives you confidence that the funds are being sent to the legitimate recipient and you’re not being defrauded.
Contact eftsure today to learn more about staying protected from dangerous email.
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.