How Hackers are Watching Your Inbox
Every month, it seems, there's a new report of a breach at a large company or of hackers finding a new way to access your data. Small businesses are the number one target and the most vulnerable. In 2 out of every 5 Cloud Protect deployments, we find that the business had already been hacked in some way.
The most common approach we see from hackers targets users who don't have Multi-Factor Authentication, or MFA (although we have seen it with MFA users as well). The hacker will infiltrate your email inbox and set up an RSS feed or forwarding rule so they don't have to keep logging in. Then they wait...
With our security product, Cloud Protect, we've found hackers during deployment who had been dormant for over a year, simply waiting to hijack an email to accounting or an invoice from a vendor to get you to pay them instead.
Here are some ways a hacker will do this:
- The hacker will spoof an incoming email so it appears to come from the sender you'd expect. It will contain an invoice you were expecting; however, the payment form or ACH information will go to the hacker instead of the business you expected.
- The hacker will take an email chain that has executive approval and forward it to accounts payable or whoever the payment person is at the company for funding.
Here are some ways to protect your business:
- Don't utilize an internal payment process over email. Implement a payment process from software such as Dynamics, QuickBooks, etc.
- Implement MFA and Conditional Access policies to require additional steps in a compromised password scenario.
- Implement security monitoring tools that alert on abnormal usage. Check out our solution here: Cloud Protect.
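
As an added example (not part of the original article and not Cloud Protect's code), here is one way monitoring can surface the forwarding rules described above. It assumes an Exchange Online mailbox and simplified, constructed audit records with `Operation`, `UserId` and `Parameters` fields; the internal domain and the RSS-folder heuristic are assumptions made for the example.

```python
import re

# Assumption: the organization's own mail domains (constructed for the example).
INTERNAL_DOMAINS = {"contoso.example"}

# Exchange Online cmdlet parameters that send a copy of mail somewhere else.
RULE_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
FORWARD_PARAMS = {
    "New-InboxRule": RULE_PARAMS,
    "Set-InboxRule": RULE_PARAMS,
    "Set-Mailbox": ("ForwardingSmtpAddress",),
}
ADDRESS_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def external_domains(value):
    """Return the sorted non-internal domains found in a parameter value."""
    found = {d.lower() for d in ADDRESS_RE.findall(value)}
    return sorted(found - INTERNAL_DOMAINS)


def find_suspicious_rules(records):
    """Flag records that forward mail outside the organization, or that file
    mail into an RSS folder (a heuristic added here for hidden mail)."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        for name in FORWARD_PARAMS.get(op, ()):
            domains = external_domains(params.get(name, ""))
            if domains:
                findings.append((rec["UserId"], op, name, domains))
        folder = params.get("MoveToFolder", "")
        if op.endswith("-InboxRule") and "rss" in folder.lower():
            findings.append((rec["UserId"], op, "MoveToFolder", [folder]))
    return findings


# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"UserId": "ap@contoso.example", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "ForwardTo", "Value": "billing@vendor-pay.example"}]},
    {"UserId": "ceo@contoso.example", "Operation": "Set-Mailbox", "Parameters": [
        {"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@contoso.example"}]},
    {"UserId": "hr@contoso.example", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"UserId": "it@contoso.example", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]
```

Only the external forward and the RSS-folder rule are reported; the internal forward and the ordinary folder rule are not.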