Electronic funds transfer (EFT) fraud and cyber-attacks are closely related, as most EFT fraud starts with email communication. With good spam and malware filtering software in place, most of us don’t realize how many dangerous emails are actually being sent to us. It is estimated that 80% of all emails are spam-related. Let’s explain the terms.
Spam: A term that refers to unsolicited junk email sent out in bulk. Many are simply marketing emails to get you to click on an ad to buy something, but some are much more dangerous.
Phishing: A compelling email, phone call (vishing), or text message (mishing) that asks you to change your email password or payment information. This is more directed than bulk spam email.
Spear-phishing: This targets a specific individual in an organization. A form of spear-phishing, called whaling, specifically targets executives.
Business Email Compromise (BEC): Similar to phishing. In these email scams, a cybercriminal posing as a senior executive, such as the CEO or CFO, sends a fake email message to a specific employee, requesting that they send a wire or ACH payment to an account controlled by the criminal.
Malware: Short for malicious software. It is typically delivered by an email that asks you to open an attachment or click on a link, which then instantly loads a virus (other terms include rootkit or adware) onto your device. This virus is preprogrammed to copy itself and spread from device to device, including printers, tablets, network servers, and eventually all the computers tied to your network. The virus will then control settings, copy your data, monitor your activities (often in the background, undetected for long periods of time), and then target you for other manipulative actions.
Ransomware: A form of malware that can encrypt your files, computer, and the entire network, completely locking you out of your entire system so that neither you nor others can gain access without paying a ransom of some sort.
Employees need constant training in how to spot and avoid these ever-changing dangers. Spam email can be very deceptive. Staff should be given a place to forward any suspicious emails, where an IT expert can scan them for safety. A detailed article with tips to share with the staff was published in our Fall ASCIP Views. See our Cyber EFT Best Practices for more details.