Cybersecurity attacks have been on the rise globally and in a recent article by Ronnie Apteker, founder of Internet Solutions, he highlighted the fact that cybercrime cost sub-Saharan Africa more than $3 billion (R37.2 billion at today’s rate) last year. When you are a small team of 20-30 people, you might think this kind of crime will not affect your business but unfortunately, small businesses are not exempt from cybercrime. In fact, phishing and email security threats are particularly serious for small businesses.
Think about it: If someone hacks your personal email, the extent of the breach will be limited because it hosts only your personal items. But if your business email is hacked, it will open the door to scam artists in ways you cannot imagine until you become a victim. Often, we cannot tell the stories we come across, so when Kate Goliath of Goliath & Goliath Comedy Clubs shared her story on The Money Show on 702 recently, we felt it was a great way to share the insights our team has garnered on a real-world breach that has occurred.
Beware of fraudulent invoices and emails
Kate was defrauded when her email accounts were hacked. At about the end of April, Kate was alerted by a client who had received emails which appeared to be from Goliath & Goliath. The emails said the account number on the invoice was incorrect and that the client should use an alternate account number. The client then received numerous emails asking for payment. The bank flagged and highlighted that the account could be fraudulent. Kate then found two more invoices with fraudulent account numbers that had been sent from her email account and sent to her (on separate occasions).
Don’t let email security be a second thought
The money which was taken by the fraudsters totalled a substantial sum that could have crippled the cash flow of this small business. Kate said they were not making any headway into how this crime could have happened or how it could be stopped. This prompted her to appear on the show so she could warn other small businesses to be aware of this kind of crime. Most businesses only realise how important email security is once a breach has occurred. This is because cybersecurity measures are not on a business owner’s mind and they often believe they are covered
Businesses are not always aware of sophisticated scams
Bruce said this was not internet banking fraud where a criminal has gained access to your account by stealing your card or account details and taken your money. This kind of crime is more frightening because it means that a criminal has hacked your email account via your internet service provider. Bruce said these criminals get in through the back door, gain access to your information and manipulate it to get your clients to pay them, not you.
Kate agreed. She said the fraudsters had logged in and changed PDFs of invoices that were prepared on invoicing systems. They cloned her email address and forwarded all her emails to their email address. They flagged all messages with the word, “invoice”, and also messages from specific clients. Kate found deleted emails from clients in a separate deleted emails box which was created (which was different to her trash box). This sneaky manipulation went undetected until clients pointed out the scam. Think about the data that’s housed in your employee emails and the damage it could do if it was used against your company.
The real cost of your hacked business email
Once criminals have gained access to your email account, it’s difficult, costly and time-consuming to undo the damage. Kate was alerted when she received a proof of payment from a client which had Goliath & Goliath as recipients. The criminals had added the name as part of their payment process. But she was suspicious when she noticed that the account details were different to hers. Kate asked her bank to track the account number but they said before this could be done, she had to lay a fraud charge with the police. The bank would then stop the account, but it was already emptied. Kate was told she could only get information about the bank account if she obtained a subpoena from the police officer investigating the case.
Secure your data, email and internet connection before it’s needed.
At Ignite, we work with you to find the best solution to support your business. We believe that all strong IT systems must be protected and backed up and we have a set of products to ensure you don’t fall prey to phishing and email security threats.
- s, with phishing protection and security measures, will help businesses like Goliath & Goliath protect themselves from this type of incident. Securemail offers a 99.5% spam protection, 100% virus protection, and comprehensive phishing protection. Our email security services are smart and provide a true insight into email usage, top threats and bandwidth savings, and also provide you with integrated advanced reports.
- Cloud Backup provides you with the peace of mind that your critical data is safe and secure. This solution is adaptable according to your requirements and features powerful encryption.
- Sophos security offers holistic network software for
all-roundprotection. This industry-leading solution protects networks from coordinated threats.
If you are worried about phishing and email security threats, check out our cybersecurity risk assessment.