U.S. small businesses report an increase in suspicious business emails over the past year, a cyber survey by HSB shows, and employees are taking the bait as they fall for phishing schemes and transfer tens of thousands of dollars in company funds into fraudulent accounts.
“Whether it’s a phishing scheme, fraud or malware, most cyber-attacks start with an email,” said Timothy Zeilman, vice president for HSB, part of Munich Re. “Even companies that have information security training and fairly savvy employees fall victim to these deceptions.”
A rise in suspicious emails
Over half of business executives (58 percent) said suspicious emails had increased in the past year.
More than a third (37 percent) of the organizations received an email from someone pretending to be a senior manager or vendor requesting payments.
Almost half of employees receiving those emails (47 percent) responded by transferring company funds, resulting in losses most often in the $50,000 to $100,000 range (37 percent) and rarely less than $10,000 (only 11 percent).
Business email schemes could become an even bigger threat
The scam is convincing because cyber thieves in many cases gain access to business email accounts and assume the false identities of company managers.
With millions of Americans working remotely from home since the outbreak of the coronavirus, business email schemes could become an even bigger threat, Zeilman said.
“It’s more important than ever to pay attention to safe cybersecurity practices and make sure you verify requests for payments,” he said. “Don’t rely on email alone – call the person and confirm the payment is legitimate before releasing any funds.”