Remote workers are the target in focus for cyber-criminals. These cyber criminals deceive home-based employees into exposing sensitive data and access to company funds by impersonating senior management on email scams. Does the solution to this email threat start with the study of our communication habits?

During the COVID-19 lockdown period we have seen an unprecedented rise in malicious email traffic, one IT security vendor reported an increase of 667% in identifiable phishing and scam emails.

Increased attack surface

This isn’t just COVID-19 themed spear-phishing, cyber criminals recognise that the workforce is now more dispersed than ever before. The increased number of targets improves their chances of success in tricking an unsuspecting email recipient into responding to a malicious request. For the scammers it is a simple matter of time and a question of probability; a business receiving around 1 million emails per year where 0.1% are malicious and bypass security measures results in employees having to correctly identify 1,000 potential scams.

Business email compromise (BEC) scams are now one of the most common methods of attack for cybercriminals, in the US the FBI recorded 166,349 domestic and international instances of BEC over a 3 year period, resulting in a total exposed loss of over 26 billion dollars.

Phishing email threat vector

A typical BEC scam would involve obtaining email account credentials for a senior member of staff via a phishing campaign and then monitoring the compromised email account to study the victim’s regular communication tones and contacts. When the attacker is confident they have learned enough they will send an urgently worded email to a target instructing them to carry out an important request; usually a monetary transaction that does not appear to be out of the ordinary but will result in financial gain for the criminal.

Remote workers rely heavily on email, it is their primary form of communication. Additionally, remote workers do not share their workspace with colleagues, they cannot simply head over to a co-worker or managers desk to run something by them or check they have understood something correctly, this must now be done by phone or email and when we are isolated or inattentive it is sometimes within our behaviour for this clarification to be overlooked.

How then do we avoid these BEC scams that have no easily identifiable malicious components?

Technology and training

A layered approach is needed, one that addresses every aspect of the attack in the most efficient way. Primarily, we must prevent the attacker from gaining user credentials to access a business email account, shadow IT detection can then be used to identify a sign-in from a non-familiar device.

Emerging solutions utilising artificial intelligence can identify and recognise communication patterns and the unique aspects we all bring to our daily email behaviour and practices. This behavioural data can then be used to detect and quarantine emails that do not display the same characteristics.

Unfortunately, no matter how sophisticated our technology solutions get it is unlikely that even machine intelligent email security solutions will be infallible, therefore we must also invest in training the workforce to increase their awareness and ability to identify this type of email threat, education needs to be regular also, this type of cyber-crime evolves at a fast pace and as such, so must we.

Because of the rapid increase in remote working, business email compromise is a more serious and common threat than ever before and is not specific to business size or industry. Cyber criminals will exploit our sometimes very basic human behaviour to deceive and manipulate an employee into performing a seemingly genuine task that ultimately defrauds a business, all whilst the very unfortunate employee thinks they are merely doing their job.

Blog written by Howard Johnson, Cyber Practice Lead –

Further Information about email scams

For more information about home working during COVID-19 from NG IT click here.
For further information about home working from the UK government click here.
For further information about email scams from Barracuda click here.