By Paul Everton
SPYMAIL is a regular e-mail with a hidden tracking code. Cybercriminals are deploying it to invade executives’ out-of-office inboxes.
When a traveler opens spymail, he reveals a wealth of private information—his current location, the time of day he read his e-mail, his hotel where he’s staying. Scammers can use this data to craft believable phishing e-mails or phone calls, targeting the executive or his colleagues back home. Because spymail looks like any other e-mail, the receiver is unable to determine whether a particular message is being tracked with the invisible extension, making cyber security on the road much more difficult to manage.
Organizations must adapt their defenses accordingly. Here’s how:
- Train for awareness. Periodic, engaging training sessions that define spymail and phishing, and illustrate the ramifications of each, are necessary to make employees more vigilant.
- Establish an executive e-mail protocol. For example, finance departments should outline a procedure in the event that executives need to request money while traveling. When a request comes through that doesn’t adhere to the protocol, any possible scams are more likely to be detected.
- Add an extra layer of inbox security. When traveling, business leaders need to be focused on the task at hand, not on safety and cyber-security issues. Adding spymail protections to conventional spam filters and firewalls can help safeguard company data and give traveling executives peace of mind.
Paul Everton is the founder and CEO of MailControl.