How To Protect Yourself From Email Fraud Once and For All
Business Email Compromise (BEC) refers to fraudulent email messages sent by cybercriminals and rogue states to imitate the identity of another party or person in order to scam or defraud an individual or organization.
The worldwide financial impact is huge. The US FBI reported more than $43 billion of international losses associated with BEC attacks between June 2016 and December 2021, with almost a quarter of a million victims so far. In addition to financial losses, adversaries attempt to steal valuable trade secrets and information through BEC. It’s a very serious problem.
Common sense is actually quite uncommon, and this sad reality is exploited by scammers. The psychology at play during these attacks works by taking advantage of one of the following three factors: situations where the actions required are just too good to be true; the human desire that leads one person to trust another; and curiosity-inducing content and actions that result in more action, such as clicks or downloads.
Police and experts have offered helpful advice that includes tightening accounting controls; using multi-factor authentication (which you absolutely should be doing); employing identity-based anti-phishing controls; deploying Domain-based Message Authentication, Reporting and Conformance (DMARC); and phishing email awareness training.
Bad actors send more than three million malicious emails every minute. The fact is that even when you practice the best defensive measures and business email compromise training, it’s unrealistic to believe you won’t be a victim of at least one BEC attack.
Deloitte reported that 91% of cyber-attacks begin with a phishing email message. Think about that.
So, how can we protect ourselves against this massive threat?
To me, it seems the answer is simple. Stop using email for sensitive communications.
One seamless, secure way of communicating is Nextcloud’s Solution for Ensuring Zero-Trust Document Collaboration. As I wrote in my article, “…a Zero-Trust system trusts no user, device, or application. They all must be continuously authenticated, access-checked, and monitored…” and “…Nextcloud now offers data-sharing file protection that far exceeds that afforded by other Cloud providers. And at a much lower price point. Needless to say, VIBE-enabled Nextcloud has eliminated the complexity, cost, and operational frailty inherent in PKI…”.
Organizations can white-label VIBE-enabled Nextcloud and even expand the offering to include more services, such as Nextcloud Talk, to eliminate the use of external messaging services and video calls.
One thing is certain: if we keep doing what we've been doing, we'll keep getting what we have been getting. So, for heaven’s sake, let’s stop using email for sensitive communications.