Email Fraud & Security

Protecting your email accounts from being hacked is about making it difficult for intruders to access your data, and adding two-factor authentication can help prevent an incursion.

In the past two months, two of our clients have been caught in the following scenario:

They have had their email hacked. The hackers have trawled through their emails, found invoices from a supplier, and purchased a domain that is very similar to that supplier's (one character in the email address is different, which goes unnoticed by the client recipient). They then send an updated invoice to our clients with new banking details. These hackers have also set up rules in the clients' email accounts to enable them to correspond with the clients as if they were the original supplier. The clients pay the invoice, but unfortunately to the fraudulent bank accounts set up by the criminals. By the time our clients and their suppliers notice what has happened, the accounts are drained and the funds gone. Police reports can be filed, but there is little that can be done to recover or reimburse the stolen funds.

One way to make this scam a bit harder to deploy is by enabling multi-factor authentication (MFA) on your email accounts.

A security measure that requires two or more proofs of identity to grant you access

Multi-factor authentication (MFA) typically requires a combination of something the user knows (PIN, secret question), physically possesses (card, token) or inherently possesses (fingerprint, retina).

Significantly more powerful security

The multiple layers make it much harder for criminals to attack your business. Criminals might manage to steal one proof of identity, e.g. a PIN, but they still need to obtain and use the other proofs of identity. Two-factor authentication (2FA) is the most common type of MFA.

We encourage all of our clients to set this up on all of their email and social media accounts.

One of the best sites for information on enabling this feature is the Australian Cyber Security Centre.