Serious consequences for companies that invoice via e-mail

By J2 Software CEO John Mc Loughlin
John Mc Loughlin, CEO, J2 Software.

South Africa's largest law firm, ENSafrica, has recently been ordered to pay a cyber crime victim R5.5 million after a syndicate successfully hacked into a client's e-mail during a property transaction. The hackers altered the bank account number in a PDF invoice sent by the law firm, resulting in the client losing a substantial amount of money.

ENSafrica was handling the conveyancing of a house. Unfortunately, the funds intended for the law firm's trust account were redirected to the account of a hacker and swiftly taken away. The client took legal action against the law firm, alleging that they had failed in their duty of care by negligently not informing her of the dangers of hacking or taking necessary measures to prevent it.

This court decision serves as evidence that companies can face consequences for using plain and unsecured e-mail for invoicing purposes. The judgment stated that the law firm failed to provide adequate warnings to the client regarding potential cyber threats.

E-mail has become an essential part of our daily lives. We use it to communicate with friends, family and colleagues, as well as to manage our finances, purchase goods and access important information. However, despite its many benefits, e-mail is also a favourite target for cyber criminals.

E-mail cyber crime, or "phishing", is a rapidly growing threat that can have devastating consequences for individuals and organisations alike. In this article, we will discuss the dangers of e-mail cyber crime and what you can do to protect yourself.

One of the biggest dangers of e-mail cyber crime is credential theft and identity theft. Cyber criminals use phishing e-mails to steal personal information, such as passwords, to gain access to your systems and online platforms.

This information can then be used to steal money from bank accounts, make unauthorised purchases or even take out loans in your name. The consequences of identity theft can be severe, leaving victims with ruined credit, legal problems and a great deal of stress and anxiety.

Another danger of e-mail cyber crime is the spread of malware. Cyber criminals use phishing e-mails to trick people into downloading malware, which can infect their computers and give the attacker control over their devices.

Malware can be used to steal personal information, install additional software or even launch attacks on other computers. In some cases, malware can even turn your computer into a "zombie" that can be used to participate in a larger cyber attack.

A third danger of e-mail cyber crime is the spread of scams and fraud. Cyber criminals use phishing e-mails to trick people into giving them money or personal information. They might claim that you have won a prize, owe taxes or need to update your account information.

If you fall for these scams, you could end up losing money or giving away sensitive information or system access that allows cyber criminals to extort you or your business for large sums of money.

To protect yourself from e-mail cyber crime, it's important to be vigilant and take steps to secure your computer and e-mail account. Here are some tips:

  1. Enable multi-factor authentication (MFA): Use MFA on every platform possible to add an extra layer of security to your e-mail account. This additional layer will go a long way in protecting yourself and those connected to you.
  2. Be wary of unexpected e-mails: If you receive an e-mail from an unknown sender or one that seems suspicious, don't open it or click on any links. If an e-mail arrives that is different to the normal method of interacting with a sender or business, treat it as malicious.
  3. Verify the sender: If you receive an e-mail from a company or organisation, verify that it's legitimate by visiting the company's website or contacting them directly. Do not use the contact details provided in the e-mail.
  4. Use strong passwords: Make sure your e-mail account and computer are protected with strong, unique passwords. I recommend using a good password manager to ensure unique, near-impossible-to-guess passwords for each platform. Password re-use is a high-risk behaviour.
  5. Keep your software up to date: Regularly patch or update all software and systems to continually deploy the latest fixes to new vulnerabilities. Failure to patch vulnerabilities is high risk and can provide access to malicious actors.
  6. Be cautious with attachments: Be careful when opening attachments, especially if they are from unknown senders. Attachments can contain malware or viruses that can infect your computer. I suggest using an additional e-mail gateway that can prevent malicious attachments from getting to your users.
  7. Educate yourself and others: Stay informed about the latest e-mail scams and phishing tactics and share this information with friends, family and colleagues.
  8. Monitor systems for strange and anomalous activities so that you are able to respond.
  9. Configure your platforms securely; many people do not know that large cloud platforms do not come with all required security in place. Use the capabilities of these platforms to restrict login locations, log events and monitor for changes. It is these changes that can help us identify when an account is compromised.
  10. Deploy secure e-mail capability that gives you the ability to send secured attachments to your clients.
  11. Engage an established cyber security focused business to help you on this journey.
  12. Using an expert will allow you to build out resilience. Assume compromise, know that something will fail and one of your security layers will be breached. A solid cyber resilience plan will allow you to identify this and your layered defence will ensure that one layer does not bring down the entire infrastructure.
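
Tip 9's advice to restrict login locations, log events and monitor for changes can be expressed as a small detection rule. The following is an added example, not code from the article or from J2 Software; the log format, event names, country allowlist and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

ALLOWED_COUNTRIES = {"ZA"}    # assumption: where staff normally sign in
WINDOW = timedelta(hours=24)  # assumption: how long an unusual sign-in stays relevant

# Constructed audit events (hypothetical format): time, account, event, detail.
# Assumed to be sorted by time, as an exported audit log normally is.
SAMPLE_LOG = """\
2024-03-01T08:02:11 thandi@example.test login country=ZA
2024-03-01T09:15:40 thandi@example.test config_change setting=signature
2024-03-02T02:47:05 accounts@example.test login country=XX
2024-03-02T02:51:30 accounts@example.test config_change setting=mfa
2024-03-05T10:00:00 accounts@example.test config_change setting=display_name
"""

def parse(line):
    """Split one audit line into (timestamp, account, event, detail)."""
    ts, account, event, detail = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), account, event, detail

def find_alerts(log_text):
    """Return (account, reason, timestamp) tuples that need human review."""
    alerts = []
    unusual_login = {}  # account -> time of last sign-in outside the allowlist
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, event, detail = parse(line)
        if event == "login":
            country = detail.partition("=")[2]
            if country not in ALLOWED_COUNTRIES:
                unusual_login[account] = ts
                alerts.append((account, f"login from {country}", ts))
        elif event == "config_change":
            seen = unusual_login.get(account)
            # A change alone is routine; a change soon after an unusual
            # sign-in is the combination worth escalating.
            if seen is not None and ts - seen <= WINDOW:
                alerts.append((account, f"change after unusual login: {detail}", ts))
    return alerts

if __name__ == "__main__":
    for account, reason, ts in find_alerts(SAMPLE_LOG):
        print(ts.isoformat(), account, reason)
```
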

This warning applies not just to law firms but also to any other organisations that use plain e-mail to exchange information related to financial transactions without implementing additional security measures and without providing sufficient education to their clients.

This court ruling highlights the fact that businesses (not just legal firms) engaged in financial transactions must now not only secure their own systems but also actively help and educate their clients about the risks of sending sensitive information through standard e-mail. It raises the question of whether businesses are doing enough to inform their clients about these dangers.

In conclusion, e-mail cyber crime is a serious threat that can have devastating consequences for individuals and organisations. By being vigilant and taking steps to protect yourself, you can reduce your risk of becoming a victim. Remember, if something seems too good to be true, it probably is. Don't be afraid to ask questions and always be on the lookout for suspicious e-mails.

J2 Software

J2 Software is a cyber security focused technology business founded in 2006 to address the need for effective cybersecurity, governance, risk and compliance solutions that are practical and purpose built.

The continued rise of cybercrime, identity theft and confidential data leakage drives the requirement for J2 Software’s managed cyber security service offerings, not only for competitive advantage, but as an absolute business necessity. The company offers managed cyber security services for every business. We ensure that you have greater visibility to identify risky behaviour and enhance the capability to respond to prevent losses.

J2 Software delivers essential tools that empower organisations to take control of their technology spend. The company's hand-picked solutions are combined with our services to provide complete visibility over its customers' environment, while reducing risk and lowering costs.

J2 Software is helping improve the cyber resilience of our customers and provides services to more than 350 customers on 4 continents.

Editorial contacts

John Mc Loughlin
J2 Software
(021) 461 1223
john@j2.co.za