Can’t find something? Search our website.

X

Online Banking

Forgot Password?

Don't have Online Banking?
Sign Up Now.

Newsroom

Guarding Your Inbox: How to Identify and Avoid Email Scams

10-07-25

Courtesy FS-ISAC.

In a small business, email is often the door to opportunity, but it can also be a gateway for cybercriminals.

Email Breach Statistics

  • Email breaches are highly prevalent, with phishing attacks accounting for a significant portion of cyber threats.
  • 75% of targeted cyber attacks start with an email, while 44% of social engineering incidents involve phishing specifically.
  • 94% of malware is delivered via email attachments, and attacks like Business Email Compromise (BEC) are the primary vector for data breaches in some sectors.

How This Scam Works

A business is contacted by a fraudster impersonating the company’s bank or credit union regarding a wire transfer.

The fraudster claims to be questioning the validity of a wire transfer request and asks the victim to verify their bank account, multi-factor authentication, and wire transfer reference numbers.

Using a social engineering tactic, the threat actor tricks an employee into clicking on a link or opening an attachment, which deploys malicious software designed to collect the user’s name and password to break into the email account.

Next, the stealthy actor lies in wait, creates a rule to avoid detection, mimics the employee, and accumulates information about your business and your customers, and gathers your financial information.
Finally, the actor impersonates staff and customers to commit financial fraud, including business email compromise, account takeover, and CEO impersonation fraud.

Once the fraudster has the wire transfer information, they can create a fraudulent wire transfer to another bank account they’ve already established. They will monitor its activity, immediately verify receipt of the money, and withdraw the funds.

What’s Your Risk?

Wire transfer fraud is a significant risk, especially for businesses (and individuals) that frequently use this payment method. Learn the following tactics, techniques, and processes to bolster your security response and use the internal controls listed below to safeguard your business.

What makes detection so difficult is the subtlety of the crime and the way threat actors manipulate victims – people expect businesses to have controls in place to prevent fraud, and they naturally trust emails they think are legitimate.

  • Operational Disruption — Business interruption and downtime divert time and energy from servicing customers (e.g., ransomware incidents prohibit access to stored data unless a ransom is paid), data corruption, business restoration costs, supply chain issues, loss of revenue, and similar consequences.
  • Reputational Damage — Following a disclosed breach, information that becomes public knowledge can diminish your reputation and reduce consumer confidence.
  • Financial Loss — Breach remediation costs may vary; however, they are substantial. For example, the average cost for a data breach in the US was $9.4 million in 2023, while the global average was around $4.88 million in 2024. Your competitive advantage may be adversely affected.
  • Legal & Regulatory Costs — If your business fails to protect sensitive information(such as HIPAA, GDPR, and GLBA) in your email servers, you may face legal action for non-compliance. Additionally, you may also face lawsuits from victims of the incident.

Reduce Your Risk

It doesn’t matter what the size of your business is; good cyber hygiene, training, and reporting processes will reduce your risk. It’s worth the effort — the consequences can be severe. Whether you outsource your information technology service or manage it internally, here are some basic tips to reduce your risk.

  • Utilize Multi-Factor Authentication wherever possible
  • Continuously update anti-virus and other critical software to prevent new exploits.
  • Perform regular security audits to proactively identify and remediate defense weaknesses.
  • Ongoing threat monitoring to detect unusual activity in real time within and outside of your network to identify and block unauthorized access attempts.
  • If you detect that you’ve had a security compromise, immediately notify your Paragon Bank contact.

If You Think You’ve Been Scammed

  • Contact your Paragon Bank contact immediately so they can act and provide recommendations.
  • Keep detailed records and document all communication, actions taken, and the timeline ofevents.
  • Identify and secure systems by examining communication channels (emails, phone calls) forany signs of phishing or unauthorized access.
  • If you are the victim of burglary, vandalism, or theft, contact your local law enforcementagency.
  • If your Social Security or individual tax identification number was stolen, immediately report it to IdentityTheft.gov
  • Report suspicious activity to the Internet Crime Center, www.ic3.gov and/or your local law enforcement agency.

If you enjoyed this article, would you mind sharing it?

Recent Posts

 

Paragon Bank celebrates Grand Opening for new Jackson, TN Banking Center
09-02-25

Paragon Bank celebrated the official grand opening of its new Jackson, Tennessee Banking Center with a ribbon-cutting special event for […]

Read Post

Tim Dries

Accomplished IT Operations and Services Executive Tim Dries Joins Paragon Bank Board of Directors
08-19-25

Paragon Bank is happy to announce that Tim Dries, an experienced IT consultant and services executive, recently joined its Board […]

Read Post

Alex Tankersley

Congratulations to our 2025 Team Member of the 2nd Quarter – Alex Tankersley
08-04-25

Paragon Bank is pleased to announce that Alex Tankersley, Financial Services Associate, Paragon Centre, was selected by her peers as […]

Read Post

Kia Wyatt

Congratulations to our 2025 Team Member of the 1st Quarter – Kia Wyatt
05-05-25

Paragon Bank is pleased to announce that Kia Wyatt, Deposit Operations Associate was selected by her peers as the Team Member […]

Read Post