Don’t get duped – learn how to leverage 365’s new features to prevent fraud.
The FBI recently came out with a frightening statistic that almost $750,000,000 was lost due to a simple e-mail scam. What makes this number truly amazing is that this is not an aggregate amount. This is just from the time period of October 2013 through August 2015.
The business e-mail compromise scam is very simple by nature, and that is what makes it extremely successful. The perpetrators create false communication from an executive in the form of an email to initiate unauthorized wire transfers. This fraud is commonly known as “CEO Fraud.”
Take a moment and think about the following question: If it worked often enough to create nearly $750,000,000 of fraud, how often do you think it was attempted? The email is a lot more sophisticated than you might think. If you took the email on its merits alone, you could justify initiating the transfer. I know, because I have seen several attempts on our company alone.
How can you take steps toward fraud prevention for your company? The obvious answer is strong internal controls. The problem with internal controls is that they are only as good as the employee’s capability to follow them. This is how 365 can help.
365 has created a tool that lets the employee know if an email looks suspicious. The brilliance of this tool is its simplicity. A fraudulent email will be accompanied by a red bar and a brief description of why it could be fraudulent. This is a simple and powerful tool that can protect your business from the ever-growing problem of fraud.
Microsoft will classify email into four categories:
- Suspicious email is email that has failed sender authentication or is simply a known phishing email. It will be flagged with a red bar.
- An Unknown message will be identified as yellow, and Exchange Online Protection will mark it as spam.
- Finally, a Trusted email will come from a domain that Microsoft has flagged as safe. It will have a green bar attached to it.
- A gray bar designates a Safe email—not one that’s necessarily safe, per se, but one that the user has pulled out of the Junk folder into the inbox, or that the organization has itself flagged as safe to read.
You’ll also have the option of letting Microsoft know that the message that it flagged as suspicious is in fact genuine. Some things can slip through the cracks though, so it is always a best practice to:
- Never give out personal details (such as passwords, bank information, social security numbers, etc.)
- Check the sender’s address if the request seems unusual. For example, our domain is solvingit.com, so all of our communications will include our actual domain. Scammers and spammers can disguise their email under the display name of the person it appears to be from, or the address can include additional names and characters that look similar to the domain but are not actually the domain itself.
- Watch for modified or unverified brand names, such as Delta Air Official instead of Delta.
- Watch for formatting or image quality issues – reputable brands or individuals typically have a very consistent look, feel and writing style.
- When in doubt, ask!
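
The sender-address check described above can also be automated on the receiving side. The following is an added example, not part of the original article and not Microsoft's implementation: it inspects a From header for a familiar display name on an outside address and for domains that embed or closely resemble solvingit.com. The executive name, the 0.85 similarity threshold and the sample headers are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

TRUSTED_DOMAIN = "solvingit.com"   # the domain named in the article
EXECUTIVES = {"jane doe"}          # constructed sample name (assumption)
NEAR_MATCH = 0.85                  # similarity threshold (assumption)


def check_sender(from_header, trusted=TRUSTED_DOMAIN, executives=EXECUTIVES):
    """Return a list of reason codes; an empty list means nothing was flagged."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # The real domain and its own subdomains are not lookalikes.
    if domain == trusted or domain.endswith("." + trusted):
        return []
    reasons = []
    # A known name shown to the reader, but the address is external.
    if display.strip().lower() in executives:
        reasons.append("display-name-impersonation")
    brand = trusted.split(".")[0]
    if brand in domain:
        # e.g. solvingit.com.example.net or solvingit-pay.example
        reasons.append("trusted-name-embedded")
    elif SequenceMatcher(None, domain, trusted).ratio() >= NEAR_MATCH:
        # e.g. one character swapped: so1vingit.com
        reasons.append("near-match-domain")
    return reasons


# Constructed sample headers, one per case.
SAMPLES = [
    '"Jane Doe" <jane.doe@solvingit.com>',
    '"Jane Doe" <jane.doe@mail-example.net>',
    'Accounts <ap@solvingit.com.example.net>',
    'Jane Doe <jane@so1vingit.com>',
    'Bob <bob@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no flags")
```

This looks only at the visible From header; it complements, and does not replace, the sender authentication that drives the red bar.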