fbpx

How an insecure mailbox can cost you R100k

Reading Time: 3 minutes This past week I received a call from someone who was a victim of cybercrime. His Telkom mailbox was hacked without his knowledge and the hacker set up an automatic forward for all emails that contained the word ‘invoice’ in the subject line. The hacker then edited the invoice with his own banking details and forwarded the email back to him as though it was being sent from the original sender. The victim made the payment of R100k into the cybercriminal’s account. Fortunately for him, he discovered that there was something wrong after his supplier claimed not to have received the payment. Upon further investigation, he found that his Telkom mailbox was hacked and that that he was a victim of cybercrime. To cut a long story short, he called the bank, reported a case of fraud, and eventually had the payment reversed. The lesson here is that cybercrime is real, and we need to know how to protect ourselves from becoming victims. Below is a basic list of five things that you can do to protect yourself and your business: (1) Do not use mailboxes from service providers like Telkom, Mweb, and Afrihost This refers to anything that ends in @telkomsa.net, @mweb.co.za, @afrihost.co.za, @vodamail.co.za., and the like. Most of […]
How An Insecure Mailbox Can Cost You R100k – Isite Computers
Reading Time: 3 minutes

This past week I received a call from someone who was a victim of cybercrime.

His Telkom mailbox was hacked without his knowledge and the hacker set up an automatic forward for all emails that contained the word ‘invoice’ in the subject line.

The hacker then edited the invoice with his own banking details and forwarded the email back to him as though it was being sent from the original sender.

The victim made the payment of R100k into the cybercriminal’s account.

Fortunately for him, he discovered that there was something wrong after his supplier claimed not to have received the payment. Upon further investigation, he found that his Telkom mailbox was hacked and that that he was a victim of cybercrime. To cut a long story short, he called the bank, reported a case of fraud, and eventually had the payment reversed.

The lesson here is that cybercrime is real, and we need to know how to protect ourselves from becoming victims. Below is a basic list of five things that you can do to protect yourself and your business:

(1) Do not use mailboxes from service providers like Telkom, Mweb, and Afrihost


This refers to anything that ends in @telkomsa.net, @mweb.co.za, @afrihost.co.za, @vodamail.co.za., and the like. Most of these providers do not offer security at a level that is needed for a business email, such as blocking suspicious login attempts and multi-factor authentication.

And if you ever want to change to a secure industry-leading alternative like Microsoft 365, migration options are typically poor or not supported entirely. You also risk leaving contacts and/or emails behind on the old address. The sooner you move, the better.

(2) Register (and own) your own domain name

Along with a professional email address that matches your business name, registering your own domain puts you in direct control of your mailboxes. It becomes easy to enable and adjust security features for your email. As well as make direct changes at the highest DNS and MX level for ultimate protection safeguards. Mailboxes like @telkomsa.net and @gmail.com only give you a tiny fraction of security control.

Moreover, ensure that the domain name is registered in the name of your company – and not in the name of your web designer or hosting company. Otherwise, you risk losing your domain along with your email and website if things ever happen to turn sour in the future.

(3) Use platforms that allow multi-factor authentication

To prevent hacked email accounts in your business, multi-factor authentication (MFA) is a must. According to research by Google, accounts with MFA block 100% of automated bot attacks and 66% of direct, targeted attacks.

In short, MFA is an extra layer of security that requires a second step to sign in. For example, it requires you to enter a verification code sent to your cell phone via SMS in addition to your usual username and password. Even if someone guessed or obtained your password, they still can’t login.

Secure platforms like Microsoft Exchange and Google Apps have built-in MFA functionality. Use a platform with MFA for a proactive safeguard for your business email. To learn more:

How Two Factor Authentication Can Save You Thousands of $$$

(4) Disable email auto-forwarding

A hacker can enable auto-forwarding to duplicate and forward both your sent and received emails to his own email account. As in the case above, emails with words like ‘invoice,’ ‘bank,’ and/or ‘quotation,’ are specifically sent to the hacker for perpetrating financial fraud. In cases of espionage, the hacker (perhaps hired by a business competitor) can filter for emails with trade secrets and confidential information.

Vulnerabilities also exist internally. Out of convenience, some employees have work emails auto-forwarded to their personal email account. This puts your company at risk if the employee’s personal email is ever breached.

Related:
5 Effective Tips to Prevent a Data Breach in Your Small Business

Fortunately, combating the risks of auto-forwarding is easy. With many business email providers, it’s possible to disable auto-forwarding entirely across all users. If not possible with your current email system, investing in a modern solution is worth serious, immediate consideration.

(5) Subscribe to an advanced email security product

Unlike an antivirus that quarantines an attachment after you’ve downloaded it or your Outlook junk folder that filters spam after it’s already in your mailbox, advanced security products like Mimecast and Sophos detect and destroy malicious emails even before they reach your servers. Likewise, these products scan and block unsafe links, attachments, spoofs, hidden scripts, and malware to prevent disasters like ransomware and spear-phishing from damaging your business.

And because they operate from the cloud, your email protection is ‘always on’ and up-to-date – no matter where you or your employees are in the world. For formidable protection, it’s a must for SMB cybersecurity.

Email is one of the most vulnerable and accessible platforms, yet it’s the least protected. Remember, anti-virus software does nothing for email security. In fact, email is such a vulnerable platform that it needs to be protected in its own right.

Get A Free Audit of Your Email Cybersecurity

How does your email systems compare to the best practices covered above?

At iSite Computers, we help small to medium-sized businesses in South Africa with the latest in comprehensive, 24/7 managed IT protection.

Benefit from a free, no-obligation email security consult from our cybersecurity team. Request your free assessment or call us directly on 031 812 9650.

Call Isite Computers

Join Our Newsletter

Related Posts

Best Practices for Data Protection in Law Firms

Best Practices for Data Protection in Law Firms

As a law firm operating in South Africa, you are the custodian of sensitive information. Whether it’s client data, case files, or legal documents, the confidentiality and integrity of this data are paramount.  In an era where cyber threats such as ransomware are...

read more
Ransomware Protection Strategies for Law Firms

Ransomware Protection Strategies for Law Firms

Ransomware poses a growing threat to organisations globally – and the legal sector is far from immune. In fact, the sensitive and valuable nature of the data held by law firms makes them a desirable target. With this rising threat, it's imperative for firms to...

read more

Comments

0 Comments

Trackbacks/Pingbacks

  1. IT Security in A Nutshell: Three Tips for Safer Email – iSite Computers - […] How An Insecure Mailbox Can Cost You R100k […]
  2. Two Factor Authentication Can Save You Thousands of $$$ - iSite Computers - […] He then edits an invoice from your supplier with his own banking details. He sends the bogus invoice back…

Submit a Comment

Your email address will not be published. Required fields are marked *