Dubai: Dennis, an expatriate working for a financial services firm in Dubai, has just wired some money to their company’s chief executive officer (CEO). He received an email from his boss earlier telling him to send cash via Western Union, as he was travelling abroad and had run out of funds.
It did not take long for Dennis to realise that he was dealing with a fraud, that his CEO did not really send the email, nor was he begging for money from his staff.
"We’ve had quite a few cases like this where scammers send emails to our team, pretending to be someone else, just so they could take money or any valuable information from them,” said one IT manager in Dubai.
IT security experts have warned that hackers are now increasingly targeting companies in the Middle East by sending bogus emails with the sole purpose of stealing money and sensitive information or gaining access into companies’ computers.
Mimecast has recently reviewed more than 26 million emails sent to various firms in the Middle East and around the world. Out of these emails, hundreds of them were sent by fraudsters that managed to get through companies’ security systems.
“[We] uncovered almost three million pieces of spam, 6,681 dangerous file types, 1,207 known and 421 unknown malware attachments and 1,697 impersonation attacks,” the company, which specialises in cloud-based email management, said in a report released on Thursday.
Dangerous file types and malware attachments can be an image, video, PDF or word document attached to an email. Once the file is clicked open, it can activate a virus that can steal passwords, encrypt sensitive data or take over a staff’s personal computer. Impersonation attacks are the classic cyber approach, where a scammer pretends to be someone else to trick email recipients into doing something to their advantage.
Mimecast also polled 800 IT decision makers and executives in the region to find out the state of their company’s cybersecurity and what attacks they’ve seen increase.
Among those surveyed, 57 per cent in the UAE believe that they are likely to suffer an attack because most of them are still in the early stages of developing a cyber resilience strategy. Globally, about six in ten (64 per cent) organisations believe that they will suffer a negative business impact from cybercriminals in 2017, with more than half (56 per cent) expecting attacks to come via emails or links.
“It’s easy to assume that your email security solutions is protecting you from advanced attacks. If you don’t have visibility into what’s actually getting delivered to the inboxes of employees, why would you think otherwise?” Ed Jennings, chief operating officer at Mimecast, said.
“As we’ve shared the findings with [chief information security officers] globally, they’ve been taken aback by the volume and type of attacks getting through their current email security solutions.”
Jennings said that cybercriminals don't necessarily just steal information. "If a business is hacked, it's not always sensitive data that is targeted - sometimes there is a financial driver or the desire to control or sabotage technology systems," Jennings told Gulf News.
How to protect yourself against email scams:
1. Don’t simply click open any attachments, including links/URLs in emails from unknown senders. They could contain virus that may encrypt your data, steal your passwords or gain access to your computer.
2. Be wary of emails asking for confidential information, especially those of a financial nature supposedly sent by banks and other organisations.
3. Don’t get pressured into providing sensitive information. Scammers like to use scare tactics and may threaten to disable an account or delay services until you update certain information.
4. Watch out for generic-looking requests for information. Fraudulent emails are often not personalised, while authentic emails from your bank often reference an account you have with them
5. Don’t submit confidential information via forms embedded within email messages. Senders are often able to track all information entered.
6. Never use links in an email to connect to a website unless you are absolutely sure they are authentic. Instead, open a new browser window and type the URL directly into the address bar.
With inputs from Norton.com
