Hackers are constantly updating their techniques to hack into your systems. Over the last several months, we’ve seen more and more cases with a similar story: hackers accessing – and hiding in – employees’ work email accounts.
In one case, a local South Louisiana company approached EDC to help remediate a six-figure email hack and prevent hacks in the future.
These days, the most successful hacks begin in your inbox. One employee from a local South Louisiana company cost his employer $100,000 through his Office 365 account while communicating with his employer’s insurance provider – or so he thought.
How Hackers Hide: Inbox Edition
Hackers don’t just hide behind code – they hide in your inbox.
Here’s how these hackers played hide and seek:
The company’s insurance provider sent an email to the employee that confirmed the insurance provider had received payment for $100,000.
Hackers seized the opportunity and sent an email from the employee’s own inbox requesting the insurance provider void the payment. Hackers deleted their messages to and from the insurance provider to hide in the employee’s inbox.
Hackers created a new domain that looked like the insurance provider’s website.
From the new domain, hackers emailed the employee, saying there was a problem on their end with payment, and they asked that the employee resubmit payment to the correct ACH account.
The employee then paid the hackers $100,000 directly, not understanding the risk.
Hackers are constantly coming up with more complex ways of stealing money (or data, which can be far more valuable than money) from businesses and individuals. At EDC, we’re dedicated to adapting how we handle our Managed IT services, E-SHIELD, so you can rest assured that you’re protected against any data breach or disruption of productivity.
As Louisiana’s premier IT solutions company, we here at EDC use a proven process that protects our clients from security risks they may be unaware of until it’s too late: E-SHIELD. With E-SHIELD, businesses can rest easy with the knowledge that EDC is on the job.
EDC could have prevented these hackers from the beginning with a few simple steps:
- Multifactor authentication: Setting up multifactor authentication (MFA) would have kept the hackers from logging in to the employee’s mailbox. MFA logins require the user to provider two or more verification factors to access an account, such as an SMS text message with a code.
- Cyber liability insurance: Had the company invested in cyber liability insurance, they would have had insurance pay the bill. This type of insurance protects companies from data breaches and other cyber security concerns. At EDC, we recommend everyone gets cyber liability insurance.
- ACH confirmation: Setting up an ACH confirmation process for any time the staff changes an ACH number would have alerted the company that the changes were fraudulently.
The EDC Way
At EDC, we’re constantly evolving our approach to new challenges. That’s how we prevent problems from happening before they start. Our dedicated team of IT professionals is here to help you.
From strategizing a plan to providing multiple lines of defense against hackers, we will ensure your data and private information is safe behind a vanguard of security measures.
To learn more about EDC visit EDCNOW.com, or to schedule a free consultation on how we can help with your IT needs, call us at: 337.235.7741 in Lafayette or 504.322.3622 in New Orleans.