ShareFile Blog

The end of the email era: The risk of social engineering

Not too long ago, email was the most amazing technology on the market. As the internet gained popularity, the world quickly adopted email as the new standard for corporate and personal communications. But approaching the end of 2017, I notice a new trend in email and interoffice communications – thanks to social engineering, executives and corporations are moving away from email as the main form of communication.

What is social engineering?

Social engineering is, quite simply, people hacking. Scammers and hackers found that by sending emails pretending to be the CEO of a corporation, they can convince the CFO or company accountant to wire money into foreign accounts without little trouble.

Over the years, scammers became more sophisticated. They duplicate email signatures and mimic style of speech to become even more convincing. Many companies have fallen prey to this scheme, with CFOs wiring tens of thousands of dollars to criminals, seemingly voluntarily.

How can I prevent social engineering?

One CEO I spoke to last week mentioned that her company gets hit, on average, twice per week with this type of scam. Therefore, the company has shifted communications to using Slack. Slack is web based, available on mobile devices, and allows for more linear conversation on projects and team communications. (Don’t worry – I am not a paid spokesperson for Slack. The only relation to slack that I have was that most of my time in school I was accused of slacking off.)

Other ways your company can avoid social engineering:

  1. Only allow the transfer of money to take place after a face-to-face authorization. This means in person or via teleconferencing. There are many technology solutions to make this a viable solution.
  2. Use instant messenger along with email, or a Slack-type solution to initiate requests. It makes it simple to ignore email requests to transfer funds.
  3. Pick up the phone. You don’t necessarily have to get fancy and use video chat. If you get an email from your CEO asking to wire money, pick up the phone and call him or her.

While these new policies may be received with grumbles, I would much rather double check a request via phone rather than risk the security of the company.

Interested in learning more about social engineering? I highly recommend these books by Chris Hadnagy.

Ready to learn more useful tips on how to protect your data, clients, and business? Watch my free webinar on demand.