Caution! Damaging Email Scams in Every Inbox

Vol. 6 No. 8

riskmanager eletter Vol6 No8 emailfraud

“You’ve got mail!”

If you’re over thirty, you’ll remember booting up the computer and feeling a frisson of excitement when your system announced the arrival of email. It didn’t take long, however, for that excitement to be dampened by caution. Hackers quickly figured out ways to invade our privacy, capture personal information, and freeze our systems—which was so often delivered by the very same communication vehicle that made us smile: email.

Email Scams 2.0

Over the years, we’ve grown smarter about spotting spam emails. Certainly, our email clients—Gmail, Outlook, Apple mail, etc.—have improved their harmful message filters. Yet, as our technologies improve, so do the masterminds behind email scams. CNBC reported in January 2016 that spam emails are estimated to have cost companies two billion dollars over the past two years.

One in four companies suffers from email scams. Cyberterrorists have evolved. They are no longer simply criminals determined to melt hard drives or capture bank information. Hackers today are a professional grade, willing to invest time and energy into researching and stalking their prey. They’re clever, crafty—and they’ve done their homework.

Popular with hackers today is what the FBI has termed “CEO scams.” These are emails sent from a hacker impersonating a boss, senior level manager, or the CEO. These messages often mention a current project or situation the company has invested in—information not readily available or made public.

More than 12,000 businesses worldwide have fallen victim to CEO scams between October 2013 and February 2016. These are professional communications, easily assumed to be legit. One example of the level of sophistication these scams employ is Xoom, an international money transfer company recently acquired by PayPal. The organization was targeted and scammed into transferring $30.8 million dollars to an overseas account.

The news only gets worse. Most cyber insurance policies do not protect against this type of impersonation scam. Usually, if a company is hacked (database breach, virus, etc.) and money syphoned out, most insurances cover the damage. However, CEO scams involve people willfully making the transaction, and therefore are not covered by most policies. Insurance providers are still evaluating this new trend in cyber attacks.

You might think your school won’t be affected because you’re not managing millions of dollars and you don’t have an overseas franchise requiring you to wire money. We hate to be the bearer of bad news, but small companies have also reported attacks.

Last year, the Swedesboro–Woolwich school district in New Jersey was targeted and their computer system held for ransom. The attack delayed four elementary schools from completing mandatory statewide testing.

How schools can protect themselves

Knowledge is power.

Keep this link in your bookmarks: Federal Trade Commission Scam Alerts. This site not only reports popular scams, but also provides important resources that smaller organizations can utilize to help protect themselves. It also offers information about consumer scams that can affect your students (e.g., financial aid and college admittance scams) and your families.

Take a class at Hacker High School.

Cybersecurity is estimated to be one of the fastest growing industries over the next decade, growing at a rate of 36.5% through 2022. Students looking to get a jump-start on their career, as well as teachers and administrators looking to polish their online awareness, can take classes online at Hacker High School.

Old tricks still work.

Yes, cyber attackers are craftier than ever, but that’s no reason to give up. Old tricks such as changing your password frequently, locking your wifi’s accessibility, avoiding public wifi, turning Bluetooth off when you’re finished using it, and not sharing personal information in online forums and chat groups still work to protect you. These are good online habits to have and keep. Outsmart online predators!

Obtain Cyber Insurance.

Such coverage isn’t just for tech-focused or large schools! Cyber Insurance may not cover authorized money transfers completed under false pretenses just yet, but it does cover many online threats. Schools of all sizes maintain sensitive personal information about their students, families, financial aid applicants, and employees. This information is at risk for compromise—no database is too small for an online predator. Invest in an Cyber Insurance policy that protects your school from financial liability in the event of a data breach.

The key to a longer life is less stress. While ISM’s Cyber Insurance does not cover CEO-scams just yet, our coverage does offer financial protection in the event your school’s information is compromised—meaning one less thing to keep you awake at night. ISM’s policy can be purchased as a stand-alone coverage, or as an additional coverage under our Employment Practices Liability policy. Have your broker contact us at 302-656-4944. Or, you can contact us directly! We’re broker of record for 877+ private-independent schools and would love to help you find creative solutions to your insurance needs.

Additional ISM resources:
The Source for Risk Managers Vol. 5 No. 10 Ask ISM’s Risk Manager
The Source for Risk Managers Vol. 4 No. 2 The New iPredator
The Source for School Heads Vol. 9 No. 8 According to a New Study Teachers Ill-Prepared to Teach Cybersafety

blog comments powered by Disqus
Connect with ISM: