Businesses Beware Of Fake Meeting Requests
Hi,
Important that we meet discuss speerfishing attacks over business comunicatons. We need to make plan about this IMMEDIATELY. Please click on the link [uurl.callender.com] to make an appointment with IT for quick tutorial.
Regards,
IT
There are several things wrong with this email, and hopefully, you noticed them. All are red flags you can look for to avoid fake meeting requests or calendar-invite scams.
Business Email Compromise (BEC) scams are not new. For example:
- Facebook and Google suffered a $121 million BEC scam.
- Ubiquiti lost $46.7 million to an attack.
- Toyota transferred $37 million to crooks in a BEC snafu.
In 2020, BEC attacks were the most lucrative scam. The US estimated cybercriminals made over $1.8 billion with this approach. Beyond money, falling victim to a BEC attack also costs your business time and reputation. Here’s what to look for and how to protect against BEC scammers.
How BEC Scams Work
With many more people working from home and meeting virtually, there’s been an uptick in BEC spear-phishing attacks.
On Gmail, the bad actor needs only your email address to send an invite that is added to your calendar by default. Then, you might click on what appears to be a meeting link, which actually takes you to a malware site.
Zoom has also become an attack vector. You get an invite to a meeting that asks you to log in to Microsoft Outlook. You’ve done it so many times before, except this is a fake login page, and it’s set up to steal your access credentials.
How to Protect Against BEC Scams
Educate your users. As with any other type of email scam, users need to learn to be careful about the links they click. Some indicators to look for, which you can see in our opening example, include:
- spelling mistakes;
- urgent appeals;
- poor phrasing;
- suspicious links.
Email addresses, links, and domain name inconsistencies are more bad signs. Plus, be wary if something seems too good to be true (a free laptop?) or is an unusual request (transfer $1 million from the CEO’s account).
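Two of these indicators, urgent appeals and lookalike link domains, can be checked automatically. The sketch below is an added example, not part of the original article; the trusted-name list, the urgency keywords and the edit-distance thresholds are assumptions chosen for illustration, and it is run against the opening example email.

```python
import re

# Constructed allowlist (assumption): service names staff expect in meeting links.
TRUSTED = ("calendar", "google", "zoom", "microsoft", "outlook", "office")
URGENCY = re.compile(r"\b(immediately|urgent|asap|right away|act now)\b", re.I)
# Hosts written as http(s)://host or, as in the opening example, [host].
HOST = re.compile(r"(?:https?://|\[)([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

# The body of the opening example email from this page.
SAMPLE = ("Important that we meet discuss speerfishing attacks over business "
          "comunicatons. We need to make plan about this IMMEDIATELY. Please "
          "click on the link [uurl.callender.com] to make an appointment with "
          "IT for quick tutorial.")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalikes(host):
    """Pairs (label, trusted) where a host label is a near miss of a trusted name."""
    hits = []
    for label in host.split(".")[:-1]:          # skip the TLD
        if label in TRUSTED:
            continue                            # exact match is not a lookalike
        for good in TRUSTED:
            # Allow 1 edit for short names, 2 for names of 8+ characters.
            if edit_distance(label, good) <= max(1, len(good) // 4):
                hits.append((label, good))
    return hits

def red_flags(body):
    """List the red flags found in an email body."""
    flags = []
    if URGENCY.search(body):
        flags.append("urgent appeal")
    for host in HOST.findall(body):
        host = host.lower()
        for label, good in lookalikes(host):
            flags.append(f"lookalike link: '{label}' resembles '{good}' in {host}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print(flag)
```

A link that raises no flag here is not thereby trustworthy; the check only catches near-miss spellings of names on the list.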
Google Calendar users can go into General settings, then Event settings, and switch off “Automatically add invitations.” Instead, select “No, only show invitations to which I have responded.” Also, under Events from Gmail, you can stop calendar events auto-generating based on your inbox. Keep in mind, though, that you’ll also be blocking legitimate events.
In these days of the hybrid workforce, we’re used to clicking on links from Zoom, Google Docs, and Microsoft Office as part of our daily workflow. The cyber bad guys know this and are taking advantage of it. Unsubscribing from email lists, keeping your email private, and reporting spam to IT can all help.
Your business might also benefit from working with a managed service provider to use a third-party spam filter. Our experts can also review your cybersecurity posture and identify areas to improve your defenses.
Contact us today at 03 683 9090