14 preventive measures against email scams and hacks

  1. Avoid free web-based e-mail accounts: Establish a company domain name and use it to establish company e-mail accounts in lieu of free, web-based accounts.
  2. Be careful what you post to social media and company websites, especially job duties and descriptions, hierarchal information, and out-of-office details.
  3. Be suspicious of requests for secrecy or pressure to take action quickly.
  4. Consider additional IT and financial security procedures, including the implementation of a two-step verification process. For example:
    1. Out-of-Band Communication: Establish other communication channels, such as telephone calls, to verify significant transactions. Arrange this two-factor authentication early in the relationship and outside the e-mail environment to avoid interception by a hacker.
    2. Digital Signatures: The entities on each side of a transaction should use digital signatures. This will not work with web-based e-mail accounts. Additionally, some countries ban or limit the use of encryption.
  5. Immediately report and delete unsolicited e-mail (spam) from unknown parties. DO NOT open spam e-mail, click on links in the e-mail, or open attachments. These often contain malware that will give subjects access to your computer system.
  6. Do not use the “Reply” option to respond to any business e-mails. Instead, use the “Forward” option and either type in the correct e-mail address or select it from the e-mail address book to ensure the intended recipient’s correct e-mail address is used.
  7. Consider implementing two-factor authentication for corporate e-mail accounts. Two-factor authentication mitigates the threat of a subject gaining access to an employee’s e-mail account through a compromised password by requiring two pieces of information to log in: (1) something you know (a password) and (2) something you have (such as a dynamic PIN or code).
  8. Beware of sudden changes in business practices. For example, if a current business contact suddenly asks to be contacted via their personal e-mail address when all previous official correspondence has been through company e-mail, the request could be fraudulent. Always verify via other channels that you are still communicating with your legitimate business partner.
  9. Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail. For example, a detection system for legitimate e-mail of abc_company.com would flag fraudulent e-mail from abc-company.com.
  10. Register all company domains that are slightly different than the actual company domain.
  11. Verify changes in vendor payment location by adding additional two-factor authentication such as having a secondary sign-off by company personnel.
  12. Confirm requests for transfers of funds. When using phone verification as part of two-factor authentication, use previously known numbers, not the numbers provided in the e-mail request.
  13. Know the habits of your customers, including the details of, reasons behind, and amount of payments.
  14. Carefully scrutinize all e-mail requests for transfers of funds to determine if the requests are out of the ordinary.
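As an added example (not code from the article), the lookalike-domain check from item 9 carried a little further: besides the `_`/`-` swap the item describes, it folds common digit-for-letter substitutions and catches one-character typos with an edit-similarity ratio, so a mail filter or IDS rule can alert on the "lookalike" verdict. The company domain, the confusable table, the 0.85 threshold and the sample From: headers are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Lookalike-domain check for item 9 above. Constructed example, not code from
# the original article; COMPANY_DOMAIN and the sample headers are assumptions.
COMPANY_DOMAIN = "abc_company.com"

# Substitutions seen in lookalike domains (separators, digit look-alikes).
# Illustrative table only, not an exhaustive homoglyph list.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": "", "_": ""})

def normalize(domain):
    """Lower-case the domain and fold away separators and digit look-alikes."""
    return domain.lower().strip().translate(CONFUSABLE)

def sender_domain(from_header):
    """Pull the domain out of a From: header value such as 'Name <user@host>'."""
    match = re.search(r"@([A-Za-z0-9._-]+)", from_header)
    return match.group(1).lower() if match else ""

def classify(domain, company=COMPANY_DOMAIN, threshold=0.85):
    """Return 'internal', 'lookalike' or 'external' for a sender domain."""
    if domain == company.lower():
        return "internal"
    if not domain:
        return "external"
    norm_d, norm_c = normalize(domain), normalize(company)
    if norm_d == norm_c:
        return "lookalike"          # e.g. abc-company.com vs abc_company.com
    # Catch one-character typos or insertions the separator fold does not cover.
    if SequenceMatcher(None, norm_d, norm_c).ratio() >= threshold:
        return "lookalike"
    return "external"

def flag_messages(headers):
    """Map each From: header to (domain, verdict); a mail rule would alert on 'lookalike'."""
    return [(sender_domain(h), classify(sender_domain(h))) for h in headers]

# Constructed sample From: headers, not real messages.
SAMPLE_HEADERS = [
    "Alice Finance <alice@abc_company.com>",  # genuine company domain
    "Alice Finance <alice@abc-company.com>",  # separator swap from item 9
    "CFO <cfo@abc-c0mpany.com>",              # zero in place of the letter o
    "CEO <ceo@abccompany.co>",                # separator dropped, TLD truncated
    "Vendor <billing@example.net>",           # unrelated external domain
]

if __name__ == "__main__":
    for domain, verdict in flag_messages(SAMPLE_HEADERS):
        print(f"{verdict:9s} {domain}")
```

Tune the threshold against your own mail volume: a lower value catches more typo-squats but also flags legitimately similar partner domains, which is where item 10 (registering the near-miss domains yourself) complements the rule.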