A new report from Proofpoint has revealed that 82% of boards are concerned about email fraud, with six out of 10 businesses considering email fraud to be a major security risk, and with good reason. Email fraud is now commonplace and poses a major threat to businesses of all sizes, from mom and pop stores to the largest enterprises.
The data for the report came from Proofpoint’s 2018 global ‘Understanding Email Fraud’ survey, which was conducted on 2,250 senior IT decision makers in the United Kingdom, United States, Germany, France, and Australia. Proofpoint gathered information on email fraud over the past two years, on how email fraud incidents have impacted businesses, and on the perceived level of risk faced by businesses in this area.
One of the key problems in preventing email fraud is a lack of board involvement. The problem is now so serious that it cannot be considered to be solely an IT issue. Almost one third of respondents said that, in spite of the risk posed by email fraud, there was a lack of board support, which was hampering efforts to combat the problem. Board involvement is needed to ensure that IT departments and the entire workforce are given the necessary tools and security solutions to combat the threat, which is often missed by traditional software tools.
Proofpoint notes that email fraud is highly pervasive and, while there are sophisticated attacks, many are deceptively simple. Email fraud can be difficult to detect, especially Business Email Compromise (BEC) attacks. BEC attacks usually start with a phishing email. A company executive is fooled into disclosing email credentials. The account is then used to send emails to staff members requesting certain actions be taken, such as making a wire transfer or sending sensitive data such as the W-2 Forms of employees.
These attacks are conducted on a small scale and abuse trust in a company executive. The attacks are difficult to identify and are often successful. The scams are often detected long after money or data has been stolen from the company.
The Understanding Email Fraud Report reveals that 75% of businesses have had at least one targeted email fraud attack in the past 2 years and four out of ten businesses have experienced multiple email fraud attempts. 33% of respondents said email fraud has resulted in a loss of funds, disruption to business services, and downtime, while 24% said that cases of email fraud have resulted in employee termination.
In response to the threat, 57% of businesses have now started providing anti-phishing training to employees and 46% have adopted email authentication, such as DMARC. Even so, 77% of businesses believe they will become a victim of email fraud in the next 12 months.