Despite all the warnings your finance staff hears about email scams, it’s all too easy for them to forget those warnings during a busy workday.
They’re cutting checks, answering customer queries, opening emails … and all of a sudden, a staffer realizes he just clicked on what could be a malicious threat.
A change in tactic
At most companies, CFOs and IT leaders actively work to keep staffers abreast of email scams and threats. So, why are scams still so easy to fall for?
Criminals aren’t sticking to just classic approaches, like fake wire requests from the CEO, to trick your finance staff into sharing private data or sending unauthorized payments. More and more, they’re using seemingly innocent email hooks and subject lines, according to a new 2020 report from the security experts at Proofpoint.
Example: An A/P staffer may be automatically suspicious of an “urgent” payment request from an “executive” at their company. They’d be wary of clicking any links or opening any attachments. But if that same A/P staffer got a message with an “updated company policy or plan” from “HR,” they might not think twice about clicking a link or opening an attachment.
‘Most successful’ email hooks
In its report, Proofpoint assessed which kinds of deceptive email subject lines criminals used, and which ones staffers actually fell for. Some of the most successful email hooks Proofpoint identified were:
- SharePoint document
- scanned from a Xerox Multifunction Printer
- dealer proposal
- updated building evacuation plan
- confidential document
- [first name], please add me to your LinkedIn network
- lost watch, and
- lost ring.
Given all the dispersed work and business disruption due to the coronavirus pandemic, it’d be good to bring this to your finance staff’s attention. Remind them criminals may try to get their guard down with “harmless” emails they wouldn’t think twice about opening. And share the list of most successful subject lines, so they get familiar with real-life examples of email hooks to look out for.