Finance departments targeted by latest 365 email hack
We’ve recently seen an influx of very convincing email phishing attacks being used to fraudulently obtain money from clients.
These attacks look legitimate and seem to specifically target the finance areas of a business, with the email made to look like it comes from within your own organisation.
How does it happen?
- An email account in your organisation gets hacked
- An email containing an invoice is forwarded to your accounts team (from the hacked account)
- Because the account has been hacked, anti-spam filtering cannot stop the email, as it is coming from inside your organisation
- The invoice is customised with your correct company details – this is a clever attack; the invoice looks quite genuine
The emails we have seen look like this:-
What can you do to prevent this?
The most effective ways to prevent this attack are:
- 2-factor authentication on your email account will dramatically reduce the risk of this attack happening. Similar to the way online banking is secured, if a hacker gets a user’s credentials (username and password) while 2-factor authentication is enabled, they will still not be able to hack the email account. For more information about 2-factor authentication (sometimes called 2FA or MFA), please see our short video.
- Awareness – being aware of the latest scams and hacks will help prevent email account hacking in the first place, and will help to prevent finance teams falling victim to this type of fraud.
- Education – educate yourself to spot the red flags of this type of email and avoid falling for the convincing emails.
- Double Check – if in doubt, call the sender or see them in person to double check that the email is in fact legitimate before making a transaction.
If you would like more information on how to keep your accounts secure, why not give our experienced team a call on 0345 450 7876.