Privacy Peril: New Invoice – Action Required!

Bass, Berry & Sims PLC
Contact

Bass, Berry & Sims PLC

According to Microsoft, 91% of cyberattacks start with an email. In an earlier Privacy Peril we provided information on prevalent words phishers of men and women insert in an email subject line to grab the recipient’s attention and increase the likelihood the email will be opened. Expel, Inc. a security monitoring company, analyzed 10,000 phishing emails during the month of July 2021 to determine the “top attack vectors” of email subject lines being used by bad actors. Unsurprisingly, the majority of the illegitimate emails had one or more of three characteristics:

  1. They impersonated legitimate business activities.
  2. They created a sense of urgency.
  3. They prompted the recipient to take some action.

Subject lines including words like “Service Request,” “Action Required,” “New,” “Document” (i.e., “View Attached Document” or “‘X’ shared a document with you”), “Verification,” “eFax,” or “VM” (voicemail abbreviation) were often used because generic business terminology does not stand out as suspicious; action words prompt, well, action; and people are intrigued by something new. Moreover, TechRepublic reported that attackers are sophisticated enough to target finance professionals with fake “invoice” emails or human resources professionals with fake “resume” emails.

As always, be wary of any email that seems out of the ordinary or from an unknown sender. Ask yourself:

  • Would a legitimate vendor seek payment of a large outstanding invoice and expect to collect by email?
  • Should I act, immediately or otherwise, on a complete stranger’s directive?
  • Was this “shared” (and unsolicited) document expected and will it benefit me?
  • Is there really anything “new” under the sun?

The answer to each is “no.” Move on.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Bass, Berry & Sims PLC

Written by:

Bass, Berry & Sims PLC
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Bass, Berry & Sims PLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide