Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is easier for a scammer to do a bit of research online and identify the right people to impersonate or send a phishing email to. A quick social media search or a visit to a corporate website can reveal key people such as the CEO, company directors, accounting staff, or office managers who may be able to facilitate a requested fraudulent payment.

The most successful phishing attacks are those that combine technical expertise, e.g., the ability to spoof an email so it appears credible, with a little bit of online research such as identifying employees and their roles in the company. So, how can companies protect themselves against this type of attack?

The first thing is to understand that scammers can be extremely sophisticated and that any company may be vulnerable to this type of attack. Sometimes, it is hard to tell if an email is genuine. Second, appreciate that human factors are frequently exploited when it comes to phishing emails.

Let’s examine a couple of real-life case studies to show how scammers may target businesses using phishing emails.

Case Study 1: Business phishing email

In this example, scammers used the technique known as evoking authority by pretending to be the company director, who has authority over Anna. This is a very common technique used in many scams and frequently in phishing scams sent to businesses. It is effective because many people shy away from openly questioning the motives or actions of those who are in a position of authority. At work, this may include managers, company directors, or leaders. In other contexts,