The pandemic’s impact of forcing many employees to work remotely has created more opportunities for fraudsters to deploy phishing attacks. While the vaccine rollout is moving more people back to the office, there will undoubtedly be a permanent shift in the structure of the working environment. Fraud.net’s Email AI software, along with a strong security culture, can help your company address this problem.
Remote Workers and the Increase in Phishing
The combination of the pandemic, economic disruption, and new work arrangements have continued to increase phishing attacks of all types.
According to the FBI, a near doubling of all phishing attacks occurred in 2020 over the prior year. The estimated total damage from phishing was nearly USD$2 billion. As with all fraud estimates, the reported number is likely significantly lower than the actual amount. In addition, when considering the impact on companies by phishing and other fraud schemes, it is important to note the intangible costs due to:
- System Downtime
- Reduced Productivity
- Incidence Response
- Brand and Reputation Damage
A recent survey had some eye-opening insights into remote workers and security protocols.
- Nine out of ten remote workers handle IP, confidential, and personal information.
- Over half of employees were not given guidelines for handling personally identifiable information (PII) while working remotely. However, over 40% are required to handle PII from home.
Executives Set the Tone for the Security Culture
Enabling a strong security culture starts with leadership. A simple but very effective action is having leadership refrain at all costs from making urgent requests of finance through email. When leaders avoid urgent payment requests via email, the fraudulent emails are much easier to detect.
Another action that management needs to avoid is requesting expedited processing of payments that bypass the standard processes and controls. Leaders setting the example of a disciplined approach to payments and not requesting exceptions also makes detecting phishing emails much clearer. Whether employees are working from home or in the office, a staunch security culture, starting at the top, provides the foundation to prevent phishing and other fraud attacks.
Tireless Technology Tools to Prevent Phishing Attacks
The workhorse of your phishing defense are robust technology tools for the prompt detection and prevention of attacks. With the absence of other employees to quickly and easily discuss in person about suspicious emails and requests, your employees need the extra support for identifying potential problems.
Email Phishing Detection Software
Utilizing phishing detection software produces near-instantaneous identification of potential suspicious emails. The software should provide your company with the following:
- Simple explanation of threat, based on a risk scoring system with details supporting the score, for users to make a decision or escalate.
- AI-powered models that classify and track data across transactions to identify potential patterns of fraud.
- Identification of fake senders, fraudulent invoices, false bank accounts, and payment requests.
- Scalability to grow as your company expands, and the customization options to meet your company’s unique needs.
Fraud Prevention and Analytics Software
A powerful AI/ML fraud prevention and detection platform is also essential in combating phishing and other cyber-attacks. Integrating tools like case management tools and advanced analytics results yields more horsepower for your defense. Deep learning and other AI models help you keep up with the latest schemes by increasingly sophisticated criminals.
Data Consortium
Don’t go it alone on fraud prevention; join a collective intelligence network to enrich your fraud set. The network’s anonymized data provides “digital fingerprints” to help you make faster and smarter decisions. Data consortiums allow you to keep with ever-evolving and complex phishing and other fraud schemes.
Working Out of the Office should not mean Out of Touch
Despite the security concerns that working remotely brings, its prevalence post-vaccine will be much higher than pre-pandemic. Keeping employees secure and in touch while working offsite requires stronger controls and an increased awareness of security threats.
Enhanced Internal Controls
Internal controls are critical in addressing business email compromise. Criminals prey on companies with loose controls that can easily be bypassed. Below are some internal controls to help prevent payment fraud:
- Ensuring segregation of duties among participants in invoicing and payment processes
- Dual confirmation required of email requests for funds transfer
- Prohibition on executives being a payment transaction initiator
- Strict manual payment approval protocols by role with amount limits, potentially with two approvals required over higher thresholds
Heightened Employee Awareness
Creating internal awareness is a highly cost-effective deterrent against phishing. However, surveys show significantly more progress is required:
- Only about half of North American workers understand the term “phishing”.
- Nearly half of the employees working remotely during the pandemic have not received additional fraud training.
Encouraging reporting of suspicious behaviors and ensuring no negative ramifications for “false alarms”, reinforces a strong security culture. It also elevates the level of awareness that helps thwart many attacks. Fraudsters count on employees not validating payment requests out of expedience or fear of questioning an executive.
Making security awareness training, not just part of the on-boarding curriculum, but an ongoing training requirement will reinforce the criticality of the issue. The upshot is you need to build a security culture in your organization that has a healthy suspicion of emails that contain requests for payment or other sensitive information.
In conclusion, the COVID pandemic has permanently altered our working environment and the fraud landscape. New technologies, controls, and processes are required to adapt to this change in both the near- and long-term. Fraudsters continuing surveillance, sophistication, and perseverance will not let up as the pandemic eases. Fighting them requires the same tenacity, and building a strong security culture and stout technology defense.
Gain Control of Your Inbox with Email AI
Fraud.net’s Email AI protects you from phishing, including business email compromise schemes by verifying trusted contacts and alerting you to suspicious activity, including:
- Fake senders
- False accounts
- Fraudulent invoices
- Spoofed emails
Integrated with our case management and analytics portals, our Email AI strengthens your protection and efficiency. The email software identifies risky subject lines, links, domains, and IP addresses. In addition, with our collective intelligence network, you can validate sender identities against our vast repository of fraud data. Every email receives a risk score along with supporting details to provide your team the flexibility to make the right choice for the email.