If you thought email scams were all about Nigerian princes and unknown lottery wins, think again.
An Omaha man has lost his job after being tricked into sending $17 million of company funds to scammers.
The tricksters sent emails that appeared to come from the CEO and its auditors, but not his usual email address. They knew enough about the company and its plans to make the whole thing seem plausible, including the need for secrecy.
It shows the need for data and email security on many levels. You’d hope that emails asking to move millions of dollars would have a digital signature to identify the sender and encrypted to stop snooping? We don’t know what security measures the company has in place, presumably there are a lot more now.
Digital Signatures
Part of the scam “the email address used by that accounting firm’s fake employee looked like it was from a valid email address for that company”. That could have been made harder to do by using digital signatures that confirm the source of any email.
Does your company use secure email with digital signatures and encryption? Probably not because Microsoft makes it hard to do that. Outlook software supports signatures and encryption in a basic form. Despite all the talk about security, Microsoft has made no effort to make Outlook’s signature/encryption features easier to use.
Privacy and Security in Microsoft Office goes step-by-step on how to get a digital signature and use it in Outlook. Then how to secure/encrypt emails to other people.
