You’re used to the fake invoice email and the “Nigerian Prince” junk, right? You probably never click on those fake links, and much of that junk is caught by your spam filter anyway.
But even if you’re careful, you should be aware of some changes – email fraud has recently moved ‘upscale’ and hackers are now penetrating cloud-based email services by sending very official-looking, personalized messages that simply ask you to ‘confirm’ your email account by entering your password. When you enter your password, you are shown a page that says “password confirmed – your email service will continue uninterrupted” (or something similar). But what’s really happened is that the hacker has now recorded your email password for later use.
The next step involves reading your email and learning more about your business, your calendar and your common phrases or terms. When the hacker has enough information, they will send a personalized message to your accountant / bookkeeper usually asking for a rushed funds transfer. The email will be from your account, it will use terms you use and may even be part of an email chain you actually started yourself. There will be no way to tell that the email is a forgery, even if you are technically skilled and careful.
This kind of attack is routinely executed with success and is often very lucrative for the hacker. We are asking all our clients to be exceedingly careful. There are steps you can take to mitigate / reduce risk and I would be very, very happy to talk with you in detail about policies and procedures that will keep you from becoming a victim.