FBI Tech Tuesday: Building a Digital Defense with an Email Fortress

Building a Digital Defense with an Email Fortress

Businesses beware -- fraudsters want to cash in on digital data, and your vulnerable email account can give them the keys to the kingdom. One of the biggest dangers lurking in your in-box is a version of a phishing scheme. 

In this case, the fraudster sends you what appears to be a legitimate email. He may have hacked someone else's email account to get to you, or he may have "spoofed" an email address making it look real. 

Either way, his goal is to get you to give him access to your company and/or your cash. In this phishing scheme, an embedded link is the hook with which he will attempt to catch you. 

Once you click on that link, the fraudster is able to download malware onto your system that potentially gives him access to user ID's, passwords, customer records, financial information and data files. 

Phishing schemes are often just the start -- leading to potential ransomware attacks, business-email-compromise scams and more. 

So -- how do you protect your company? From the lowest level employee up to the CEO, your email system needs to be a fortress filled with defenses. 

* Don't use free web-based email accounts for your business. Establish your own domain and create email accounts based on that domain. 

* Ensure that your firewalls, virus software and spam filters are robust and up-to-date. 

* Immediately report and delete suspicious emails, particularly those that come from people you don't know. 

* If you receive an email from someone who appears to be a legitimate contact but you are wary, make sure you "forward" it to back the sender. Do not hit "reply." That way you can manually type the known email address or find it in your established contact list to confirm authenticity. 

* Don't click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click. 

* Consider two-factor authentication for employee email. This would include something you know (such as a password) and something you have (such as dynamic/changing PIN or code.) 

* Create a security system that flags emails with similar -- but incorrect -- formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the email comes from Joe at ABC-company.com? 

* Make sure your email is encrypted in-transit if you are putting sensitive information into it. 

Bottom line -- build the email fortress tall and wide to protect your business. 

For more information on email security concerns or other cyber crimes, check out the FBI's website at www.fbi.gov or the FBI's Internet Crime Complaint Center at www.ic3.gov.

More In Crime