Lately, we’ve seen an uptick in reports of scammers hacking into personal email accounts to access personal and financial information. Business Email Compromise (BEC) and/or Email Account Compromise (EAC) scams use a combination of email fraud and social engineering to carry out fraudulent payments.
How it works
There are several ways scammers can access email accounts. One way is to use automated tools that cycle through usernames and passwords until they get in. Another common tactic is phishing, where the scammer sends an email that includes a link to a malicious website designed to steal a person’s credentials.
Once scammers are in, they have access not only to your email but also to your calendar, contacts, files and more. From there, they can attempt to change the usernames and passwords of any account linked to the email address. Scammers can also create email forwarding rules and/or change account permissions to monitor you and maintain access to accounts.
Prevent BEC and EAC Attacks
- Use strong, unique passwords. Weak passwords can easily be guessed.
- Double-check URL addresses. Fake websites often mimic legitimate sites that require login credentials.
- Think before you click. Malicious links, attachments and files can carry viruses.
Signs of Email Compromise
- Friends and colleagues receive emails from you that you didn’t send.
- You’re suddenly locked out of your own email, even though you haven’t changed the password.
- You notice strange “rules” in your email settings (like automatic forwarding).
- Your Sent folder has messages you didn’t write.
Signs of a Suspicious Email
- Bad grammar or weird phrasing.
- Messages that seem out of context or just don’t make sense.
- Requests for sensitive info like passwords or account numbers.
- Attachments that feel off or unexpected.
If you’re a Merrimack customer and concerned your personal or financial information was compromised, please call us directly at 603.225.2793.