Cybercriminals are intercepting emails between companies and their clients, deceiving customers out of life-changing sums of money and severely damaging the reputation of the organisation.
Targeted companies range from solicitors and conveyancers, to builders and traders.
In January this year, a charity worker buying his first home had his £67,000 life savings stolen after fraudsters hacked into emails sent between him and his conveyancing solicitor. Last year a London couple transferred over £25,000 to a fraudster posing as their builder after receiving a genuine-looking invoice, for an amount they were expecting, from a copycat email address.
It might seem implausible, but an attack of this kind is often very difficult, if not impossible to detect.
A successful attack can look like this:
- A cybercriminal gains access to a company’s network via malware.
- The cybercriminal waits for the firm to send an email to invoice a client.
- The cybercriminal intercepts the email and sends another email from the company’s email account, or from a very similar fake account. This follow up email advises of a change to the company’s bank details and requests the client transfers the amount due into the new account.
- The customer unwittingly transfers the money to the cybercriminal’s account.
Unfortunately, by the time the company or customer finds out, the funds have often been removed from the fraudulent account, making them impossible to recover. There is also significant debate surrounding which party is liable in these cases, with neither businesses, banks, or customers, wanting to accept responsibility.
Securing your email
Failing to secure your emails is like sending a message on a postcard. Anyone who intercepts it can read the content. Secure email, on the other hand, is like sending a letter in a coded language which only the recipient can decipher. So why aren’t more companies protecting their clients, and themselves, by securing their email?
Secure email platforms aren’t new. They’ve been around for decades, using secure public key encryption to encode and decode email content. This technology wasn’t widely utilised, however, as it proved complex and inconvenient to use. Older secure email platforms required the user to download every email from a web portal, for instance.
Fortunately, modern secure email platforms have made the process of securing your email straightforward. The industry-leading providers can be used as an add-on for Microsoft Outlook and local email clients, as a standalone version for Windows, MacOS, and Linux, or as an app for iPhone, iPad, and Android devices.
Using your existing email address, these platforms utilise end-to-end encryption. This means a unique encryption key is added to every message, providing notification of receipt and making ordinary e-mails compliant with the Data Protection Act, and its imminent replacement, the EU’s General Data Protection Regulations (GDPR).
With the latest cybercrimes appearing indistinguishable from genuine email communications, securing your email has never been more important.