Craig McDonald, 05 March 2018 14:03:48 AEDT

One email can take down your business: social engineering

Last December, cybercriminals stole millions of dollars from several law firms with a simple email scam.

The scammers phoned the lawyers and asked them for legal advice. After a conversation over the phone, they promised to email the lawyers some ‘important documents’ related to their cases. When the lawyers opened the emails, they found links pointing to documents stored on an online file sharing site that required them to enter their email account passwords to gain access.

Unfortunately, the file sharing site was a fake, set up by the scammers to collect the lawyers’ login details so they could access their accounts and read their financial correspondence. The criminals intercepted emails requesting payment from the lawyers’ clients and sent substitute messages re-routing the money into their own bank accounts.

You can read the details of this case here, but the moral of the story is this: one malicious email can do a lot of damage to your business.

Here’s another cautionary tale that I heard first-hand at a conference in 2016:

The CEO of a big logistics company was about to leave work on a Friday afternoon when he got an email from his PA reminding him to authorise a money transfer to the tune of $20 million. He was expecting the message - the payment was the final step in closing a big deal he’d been working on for weeks - so he clicked on the link in his PA’s message and transferred the funds.

A few minutes later he got a confused phone call from his PA, asking where the money had gone. It turned out the message with the link he’d clicked on was phoney. Scammers had been monitoring the company’s communications and seen the opportunity for a big score. They sent a fake message pretending to be from the CEO’s PA, and with one bogus link they got away with a cool $20 million.

Stories like the ones above sound outrageous, but social engineering crimes like this are becoming more and more common.

Social engineering attacks that use simple tools like phone calls and email are easy to perpetrate and can be very lucrative. It’s hardly surprising that email scams are a growth industry.

I recently published an article about the WEF’s 2018 Global Risks Report, which contains some eye-opening stats on cybercrime.

According to the WEF report:

  • Cyberattacks reported by businesses almost doubled in the five years to 2017, from 68 attacks per business to 130 per business
  • A 2017 study of 254 companies put the annual cost of responding to cyberattacks at US$16.5 million per company, a year-on-year increase of 27.4%
  • The cost of cybercrime to businesses over the next five years is expected to be US$8 trillion

The WEF rates cyberattacks as one of the most significant threats to economic growth in 2018.


(Above: excerpt from the WEF’s 2018 Global Risks Report.)

One email is all it takes for cybercriminals to break into a company’s computer systems, so with the growth in online fraud at an all-time high, it’s never been more important to take proactive steps to protect your business from attack.

If you're not sure where your business stands in terms of cybersecurity preparedness, take advantage of some free advice from MailGuard’s expert consultants.

You can speak to a MailGuard security consultant obligation-free. The team who answer our phones are not in a distant call centre; they’re highly trained professionals who work closely with me and have a detailed understanding of the cybersecurity landscape.

If you need answers about cybercrime and how to protect your business, call MailGuard’s free advice line: 1300 30 44 30
