TitanHQ Blog
Keeping Financial Data Safe with a Work-At-Home Accounting Staff during COVID-19
Posted by Geraldine Hunt on Tue, Aug 25th, 2020
For every global tragedy, there is a rise in scams and phishing attacks. The Coronavirus pandemic has forced many enterprise companies to move internal staff to a work-from-home workforce, which exposes the business to much higher cybersecurity risk. Users on their own devices, Internet connectivity, and Wi-Fi connections lack enterprise-level cyber defenses. Hackers know that home users are much more vulnerable to attacks, and they have taken advantage by targeting financial people with fake invoices, phishing emails, and social engineering.
Phishers Targeting Financial People
In a time when the world is sensitive to the COVID-19 pandemic, it is important for financial people to stay aware of the increase in phishing and social engineering. Hackers use legitimate-looking invoices and emails to trick financial people into sending money to the attacker's account. Most personal email accounts lack the phishing detection and prevention of an enterprise email server, so attackers will search for a user's personal email address and use it to attempt a data breach.
Using fake invoices isn’t anything new in the cybersecurity world. Attackers will generate an official-looking invoice in an attempt to trick a financial staff member into sending them money. The emails look like they come from official senders, and the invoices are crafted in a way that makes them look legitimate. It takes a trained, educated eye to catch the warning signs. According to the FBI, business email compromise (BEC) is a $3 billion industry. In some scenarios, an attacker pretends to be an executive, accountant, or an attorney to intimidate the targeted user into acting quickly without questioning the validity of the request.
Not every attack is meant for immediate financial gain. Some attackers want data to sell on darknet markets. The risk of being caught is lower, and a large data breach can bring in millions. In many of these attacks, a phishing email is sent to the targeted user, tricking them into clicking a link that brings the user to a web page. The web page looks like an official business page, and the attacker tricks the user into authenticating. Instead of authenticating, the user sends network credentials to the attacker, who can now access the network as a legitimate account. With legitimate credentials, the attacker can browse the network without detection. It can sometimes take months for administrators to detect this type of data breach.
Here are some examples of phishing emails that threaten your business:
- You receive a fishy-looking request to click on a link that is “interesting”. These emails are normally sent to thousands of accounts. Clicking on the link may download malware to your PC that saves the information you type into your PC, including usernames and passwords to websites and company applications.
- You receive an email that appears to be an official communication from your bank. It can include your personal or business name, instructing you to click on a link to complete some urgent task. This link brings up a fake website that looks very much like the bank's. When you enter your username and password, this information is saved by cybercriminals to use later to transfer money from your account.
- You receive an email from your boss, asking you to execute a wire transfer to a reputable firm.
Hold on, should I be suspicious of that email from my boss? Yes, always think twice before you pay that invoice or transfer funds!
What Organizations Can Do to Protect Data during COVID
While administrators have less control of employee computer activity at home, there are some ways to reduce the risk of a successful BEC attack. User training is an option, and it can be done remotely. However, even with user training, employees can make mistakes, especially with the spike in phishing and social engineering during the pandemic. A solution like SpamTitan will block phishing emails before they reach your network. Here are some other ways to reduce risk:
- Require two-factor authentication. Even if users fall for a phishing attack, an attacker would not be able to access the network without the PIN, usually sent to the targeted user’s smartphone.
- Instruct users to avoid clicking email links. Not every email with a link is malicious, but users should be especially suspicious of an email with a link where login credentials are required to go further. Always type the domain into the browser window instead of using a link to authenticate.
- Use cloud drives to view documents. Macro malware is still alive and well. Microsoft documents can have malicious macros included, which are used to download malicious software. This software could give the attacker remote control of the computer or install a keylogger. If you upload a document to a cloud drive (e.g. Google Drive) and preview the file in the cloud, the macros are neutralized and won’t run on the local machine.
- Install only approved software. Administrators can restrict software installation on corporate machines but not personal ones. Educate users on the types of software that should be installed and restrict access to extremely sensitive applications to approved machines only.
- Restrict users to corporate email. Users should know that email is an insecure way to transfer sensitive data, and they should only use corporate email to communicate business information. By limiting users to corporate email, the administrator can use filters to block suspicious emails and quarantine any messages with malicious attachments. To avoid data breaches, users should never copy sensitive information from corporate email to personal accounts.
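To make the filtering the last bullet mentions concrete, here is an added example (not code from the original post or from SpamTitan) of a small Python triage routine that checks a message for the BEC warning signs described above: a lookalike sender domain, a Reply-To pointing at a different domain, an executive's display name on a non-corporate address, urgent payment language, and a macro-enabled Office attachment. The corporate domain `example.com`, the executive directory, the keyword lists, and all sample messages are constructed assumptions for the demonstration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                     # assumed corporate domain
EXECUTIVES = {"jane ceo": "jane.ceo@example.com"}     # assumed directory entry
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm")
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "past due")
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "bank details")


def build_message(sender, subject, body, reply_to=None, attachment=None):
    """Construct a sample message (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = f"accounts@{CORPORATE_DOMAIN}"
    msg["Subject"] = subject
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(body)
    if attachment:
        # Placeholder bytes stand in for a real document; only the name matters here.
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg


def _domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _normalize(domain):
    # Undo common homoglyph swaps so "examp1e.com" compares equal to "example.com".
    swaps = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
    return domain.translate(swaps).replace("rn", "m")


def inspect_message(msg):
    """Return the list of BEC warning signs found in the message."""
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    if from_domain != CORPORATE_DOMAIN and _normalize(from_domain) == CORPORATE_DOMAIN:
        findings.append("lookalike_sender_domain")

    reply_to = msg.get("Reply-To")
    if reply_to and _domain(reply_to) != from_domain:
        findings.append("reply_to_domain_mismatch")

    known = EXECUTIVES.get(display_name.strip().lower())
    if known and from_addr.lower() != known:
        findings.append("executive_display_name_spoof")

    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        findings.append("urgent_payment_request")

    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(MACRO_EXTENSIONS):
            findings.append("macro_enabled_attachment")
    return findings


def triage(msg):
    """Map findings to an action: quarantine, flag for review, or deliver."""
    findings = inspect_message(msg)
    severe = {"macro_enabled_attachment", "executive_display_name_spoof",
              "lookalike_sender_domain"}
    if severe.intersection(findings):
        return "quarantine", findings
    if findings:
        return "flag_for_review", findings
    return "deliver", findings


def run_samples():
    """Triage four constructed messages; returns {name: (action, findings)}."""
    samples = {
        "ceo_wire_request": build_message(
            '"Jane CEO" <jane.ceo@webmail-placeholder.invalid>',
            "Urgent wire transfer",
            "Please process the wire transfer today. I'm in a meeting, don't call."),
        "lookalike_invoice": build_message(
            '"Accounts Payable" <ap@examp1e.com>', "Invoice #4471 past due",
            "Please see the attached invoice and remit payment.",
            reply_to="billing@examp1e.com", attachment="invoice_4471.docm"),
        "vendor_bank_change": build_message(
            '"Vendor Support" <support@vendor.example.net>', "Updated bank details",
            "We have changed our bank details; please update before the next payment.",
            reply_to="support@vendor-portal.invalid"),
        "legit_internal": build_message(
            '"Jane CEO" <jane.ceo@example.com>', "Q3 planning",
            "Please send me the Q3 forecast when you have a moment."),
    }
    return {name: triage(msg) for name, msg in samples.items()}


if __name__ == "__main__":
    for name, (action, findings) in run_samples().items():
        print(f"{name}: {action} {findings}")
```

The Reply-To mismatch alone only flags for review, since legitimate mailing systems sometimes set it; the lookalike domain, executive impersonation, and macro attachment checks quarantine outright. A real gateway would add SPF/DKIM/DMARC results and sender reputation, which this example leaves out.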
The above list is not exhaustive. Due to the sophisticated nature of advanced persistent threats via email, SpamTitan includes a sandboxing feature and anti-spoofing layers. SpamTitan sandboxing protects against breaches and data loss from zero-day threats and sophisticated email attacks by providing a powerful environment to run in-depth, sophisticated analysis of unknown or suspicious programs and files. SpamTitan sandboxing will protect against malware, spear-phishing, advanced persistent threats (APTs) and malicious URLs, offering insight into new threats and helping mitigate risks.
Make life easier for your IT department and safer for all the staff in your organization. See immediate results for spam and BEC attack blocking without tying up IT resources with SpamTitan Cloud.