
Not too long ago, scam emails were typically easy to catch — they were full of spelling and grammar errors. Now that bad actors can use AI to help draft their emails, it is more difficult to spot fraudulent messages.
I recently received the screenshot above from a church member whom I know well. She goes by the nickname Judi, so I immediately recognized it as a fraudulent email and reached out to her to let her know of the issue.
A couple of hours later, I received a call from another church member. She had also received a message from “Judith” and responded. Not only that, she immediately went to the store to purchase the gift cards that had been requested. Fortunately, before sending the gift cards, she called my husband to see if he thought the email was legitimate. When she learned that it was not from Judi, she was relieved that she had not sent the gift cards.
This is just one example of a situation where an email account has been compromised. At New Covenant Trust Company, we have also seen instances where an authorized signer account was compromised, and we received emails asking for withdrawals, account changes, etc. But thanks to our enhanced security procedures, no changes or withdrawals occurred with any client account.
It seems like every day there is a report of another data breach, which puts us all at risk. Here are some tips to help you protect yourself and the organizations you serve.
Use Strong, Unique Passwords
One of the easiest ways to protect yourself against email cyber attacks is to create complex passwords. Combine uppercase and lowercase letters, numbers and symbols. Aim for at least 12 characters. Often, it’s easier to use a passphrase and swap out some of the letters for other characters. For example: Myfavor1tecolorI$yellow!
Make sure you avoid using common words. Do not use easily guessable information like birthdays or names.
Implement Multi-Factor Authentication (MFA)
Enhance security by enabling MFA on email accounts. This adds an extra layer of protection by requiring a second form of verification (like a text message code or authentication app).
Be Wary of Phishing Attempts
You can recognize suspicious emails by looking for signs of phishing such as mismatched email addresses, poor grammar or urgent requests for contact or personal information.
If you receive a request for sensitive information or for gift cards or a funds transfer, verify it through a different communication channel. The best option is to call the person directly using a known number.
Regularly Update Software
Ensure that all your devices and applications, including email clients like Outlook, are regularly updated to protect against vulnerabilities. Whenever possible, enable automatic updates to simplify this process.
Monitor Accounts for Suspicious Activity
Regularly review your email account activity for any unauthorized logins or unusual behavior. If you suspect that your email has been compromised, report it to your IT department or email provider right away.
Back Up Important Data
Ensure that all important data, including emails, is backed up regularly to prevent data loss in case of a breach. Consider using secure cloud storage solutions that offer encryption.
Store Account Information Offline
Finally, we urge you not to use email as an information repository, especially for banking or investing accounts. Delete emails from your financial institutions.
If a bad actor gets into your email account, it’s much easier for them to breach your financial institutions if they have your contact information or account numbers.
We’re always available to discuss email security, or any other cybersecurity concerns. Please don’t hesitate to reach out at 800-858-6127, Option 6.