Email Communication Safety and Security

Email is an important tool for conducting business; however, it is also an easy tool to manipulate. Explore ways to help keep your electronic communications safe and secure.

Business Email Compromise

Business email compromise (BEC) is an exploit in which the attacker gains access to a corporate email account and spoofs or assumes the owner’s identity to defraud the company or its employees, customers or partners of money. In some cases, an attacker simply creates an account with an email address that is very similar to one on the corporate network. BEC attacks are also referred to as man-in-the-email attacks. Please click here to view our 2019 Business Email Compromise document, designed to help all users of business email.

A scammer might:

  • Spoof an email account or website. Slight variations on legitimate addresses (john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) fool victims into thinking fake accounts are authentic.
  • Send spearphishing emails. These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that gives them the details they need to carry out the BEC schemes.
  • Use malware. Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information.
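
One way a mail filter or a reviewer's script could catch the near-miss addresses described in the first bullet above, as an added example that is not part of the original page. The function names and the `accounts@` directory entry are assumptions constructed for illustration; the john.kelly / john.kelley pair is the one from the text.

```python
"""Flag sender addresses that closely imitate a known-good address."""

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def split_address(addr):
    """Lower-case and split on the last '@'; local is '' if there is none."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def classify_sender(sender, known_addresses, max_dist=2):
    """Return (verdict, matched_address).

    verdict is "known" (exact match), "lookalike" (within max_dist edits
    of a known address, in the local part or the domain), "unknown",
    or "invalid" (no usable local part or domain).
    """
    known = {"@".join(split_address(k)) for k in known_addresses}
    local, domain = split_address(sender)
    if not local or not domain:
        return ("invalid", None)
    candidate = local + "@" + domain
    if candidate in known:
        return ("known", candidate)
    best = None
    for k in sorted(known):
        d = edit_distance(candidate, k)
        if d <= max_dist and (best is None or d < best[0]):
            best = (d, k)
    return ("lookalike", best[1]) if best else ("unknown", None)

# Constructed directory of legitimate addresses (assumption for the example).
KNOWN = {"john.kelly@examplecompany.com", "accounts@examplecompany.com"}

if __name__ == "__main__":
    for s in ["john.kelley@examplecompany.com", "John.Kelly@ExampleCompany.com",
              "john.kelly@examplecompany.co", "news@othervendor.example"]:
        print(s, "->", classify_sender(s, KNOWN))
```

A "known" verdict only means the address string matches the directory; it does not show that the message really came from that account, so a spoofed header or a compromised mailbox still passes this check.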

Encryption

What is Encryption?

Email encryption is a process that protects emails from being read by unauthorized eyes by encoding the contents of the email. If someone tries to read encrypted emails you’ve sent or received, they’ll only see an email message with garbled text. (From A Beginners Guide to Email Encryption)

VCOE Encryption Practices

Barracuda is our email spam filter, scanning all inbound and outbound email for viruses, malware, and now sensitive data. Currently, email sent to non-VCOE email accounts containing sensitive data (i.e., Social Security Number (SSN), Personally Identifiable Information (PII)) can and should be encrypted. It is a very easy process to encrypt an email, and it often happens automatically depending on email content. To learn more about specific VCOE encryption methods, go to VCOE Barracuda Email Encryption. [*Note: this document is on the VCOE Intranet and can only be accessed by those with VCOE login credentials.]

Phishing

What is Phishing? 

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. (From https://www.phishing.org/what-is-phishing)

While phishing schemes typically rely on email, attachments and webpages to capture private data, social engineering might use these, the phone or any number of different methods. Social engineering involves psychologically manipulating people into divulging information or taking inappropriate actions. Very often victims have no idea they have done something wrong until the fraud is later exposed. Like spear phishing, social engineering attacks are highly targeted on a small number of potential victims. (From https://www.graphus.ai/the-difference-between-phishing-spear-phishing-and-social-engineering/)

Can You Spot the Phish?

Let's Practice