Can’t find something? Search our website.

X

Online Banking

Forgot Password?

Don't have Online Banking?
Sign Up Now.

Newsroom

Guarding Your Inbox: How to Identify and Avoid Email Scams

10-07-25

Courtesy FS-ISAC.

In a small business, email is often the door to opportunity, but it can also be a gateway for cybercriminals.

Email Breach Statistics

  • Email breaches are highly prevalent, with phishing attacks accounting for a significant portion of cyber threats.
  • 75% of targeted cyber attacks start with an email, while 44% of social engineering incidents involve phishing specifically.
  • 94% of malware is delivered via email attachments, and attacks like Business Email Compromise (BEC) are the primary vector for data breaches in some sectors.

How This Scam Works

A business is contacted by a fraudster impersonating the company’s bank or credit union regarding a wire transfer.

The fraudster claims to be questioning the validity of a wire transfer request and asks the victim to verify their bank account, multi-factor authentication, and wire transfer reference numbers.

Using a social engineering tactic, the threat actor tricks an employee into clicking on a link or opening an attachment, which deploys malicious software designed to collect the user’s name and password to break into the email account.

Next, the stealthy actor lies in wait, creates a rule to avoid detection, mimics the employee, and accumulates information about your business and your customers, and gathers your financial information.
Finally, the actor impersonates staff and customers to commit financial fraud, including business email compromise, account takeover, and CEO impersonation fraud.

Once the fraudster has the wire transfer information, they can create a fraudulent wire transfer to another bank account they’ve already established. They will monitor its activity, immediately verify receipt of the money, and withdraw the funds.

What’s Your Risk?

Wire transfer fraud is a significant risk, especially for businesses (and individuals) that frequently use this payment method. Learn the following tactics, techniques, and processes to bolster your security response and use the internal controls listed below to safeguard your business.

What makes detection so difficult is the subtlety of the crime and the way threat actors manipulate victims – people expect businesses to have controls in place to prevent fraud, and they naturally trust emails they think are legitimate.

  • Operational Disruption — Business interruption and downtime divert time and energy from servicing customers (e.g., ransomware incidents prohibit access to stored data unless a ransom is paid), data corruption, business restoration costs, supply chain issues, loss of revenue, and similar consequences.
  • Reputational Damage — Following a disclosed breach, information that becomes public knowledge can diminish your reputation and reduce consumer confidence.
  • Financial Loss — Breach remediation costs may vary; however, they are substantial. For example, the average cost for a data breach in the US was $9.4 million in 2023, while the global average was around $4.88 million in 2024. Your competitive advantage may be adversely affected.
  • Legal & Regulatory Costs — If your business fails to protect sensitive information(such as HIPAA, GDPR, and GLBA) in your email servers, you may face legal action for non-compliance. Additionally, you may also face lawsuits from victims of the incident.

Reduce Your Risk

It doesn’t matter what the size of your business is; good cyber hygiene, training, and reporting processes will reduce your risk. It’s worth the effort — the consequences can be severe. Whether you outsource your information technology service or manage it internally, here are some basic tips to reduce your risk.

  • Utilize Multi-Factor Authentication wherever possible
  • Continuously update anti-virus and other critical software to prevent new exploits.
  • Perform regular security audits to proactively identify and remediate defense weaknesses.
  • Ongoing threat monitoring to detect unusual activity in real time within and outside of your network to identify and block unauthorized access attempts.
  • If you detect that you’ve had a security compromise, immediately notify your Paragon Bank contact.

If You Think You’ve Been Scammed

  • Contact your Paragon Bank contact immediately so they can act and provide recommendations.
  • Keep detailed records and document all communication, actions taken, and the timeline ofevents.
  • Identify and secure systems by examining communication channels (emails, phone calls) forany signs of phishing or unauthorized access.
  • If you are the victim of burglary, vandalism, or theft, contact your local law enforcementagency.
  • If your Social Security or individual tax identification number was stolen, immediately report it to IdentityTheft.gov
  • Report suspicious activity to the Internet Crime Center, www.ic3.gov and/or your local law enforcement agency.

If you enjoyed this article, would you mind sharing it?

Recent Posts

 

Chondrea Black Receives 2026 Bank Compliance Leader Award
06-09-26

Chondrea Black, Senior Vice President of Compliance & Loan Operations at Paragon Bank has been recognized with the 2026 Bank […]

Read Post

Paragon Bank Grants 21st Wish with Make-A-Wish Mid-South
05-28-26

Paragon Bank worked with Make-A-Wish Mid-South to grant 18-year-old Joelle her wish of visiting Romania and seeing Peonari Citadel in […]

Read Post

Paragon Bank Celebrates Sixth Annual BCA Family Day
05-13-26

Faculty, staff and family members educated on financial literacy Paragon Bank celebrated the sixth annual Binghampton Christian Academy (BCA) Family […]

Read Post

Paragon Bank Reports Strong Growth, New Annual Records and Continued Service Commitment 
03-23-26

Paragon Bank today announced its 2025 fourth quarter and year end financial earnings, reporting year-end net income for 2025 was […]

Read Post