Encryption and DLP’s Role in the Battle Against Business Email Fraud
While fraud and other scams are nothing new to businesses or consumers, the types and sophistication level of the scammers continue to evolve. In Tracy Kitten’s recent article on BankInfoSecurity.com, she discusses the upsurge in fraud connected to “business email compromise scams,” which amounted to $1.2 billion in losses over a period of less than two years (and these are only the ones that were reported).
Business email compromise scams are similar to those of the consumer ilk. An impersonator, in this case often someone posing as a company executive or outside vendor, requests a wire transfer through a phone call or email to someone at the business who has authority to send money. While many of us would like to think that in this day and age businesses could detect these fraudsters, the growing number of cases and exorbitant financial losses being reported suggest otherwise.
The reality is that, in general, we’re very bad at knowing when someone is lying, as iO9.com details in a blog post titled “The 10 Things You Didn’t Know about Liars.” Perhaps this inability to distinguish between liars and truth tellers is because we are hardwired to trust others, or maybe it’s something else. Whatever the case, there’s no denying that the risk of human error incited by fraudsters is higher than ever.
In the case of business email compromise scams, encryption and data leak prevention (DLP) can play an important role. Businesses that require these solutions as part of their security model can significantly reduce the risk of fraud in a number of ways.
Encryption and DLP solutions can be deployed on business email 100 percent of the time or auto-triggered by certain keywords. These solutions also often include a number of tracking and control features, like the ability to fully revoke messages even after they are opened, or to require a separate password that can only be provided via another method such as telephone or text message. Decreasing the risk of human error, or removing it altogether, has enormous value, since fraudsters are usually trying to create a sense of urgency so that typical security protocols are skipped.
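The following is an added example, not code from the article or from any vendor's product, of how a keyword-triggered policy of the kind described above could be evaluated on outbound mail. The trigger terms, the two policy modes, and the rule that a keyword match also requires a password delivered by phone or text are assumptions; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Hypothetical trigger terms (assumption); tune to the organization's payment vocabulary.
TRIGGERS = re.compile(
    r"wire\s+transfer|routing\s+number|account\s+number|bank\s+details|\bIBAN\b|\bSWIFT\b",
    re.IGNORECASE,
)

def scannable_text(msg):
    """Yield the subject and every decoded text/* part (handles base64 and quoted-printable)."""
    yield msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            yield body.decode(part.get_content_charset() or "utf-8", errors="replace")

def decide(raw_message, mode="keyword"):
    """Return the policy decision for one outbound message.

    mode="always": encrypt everything; mode="keyword": encrypt only on a trigger match.
    """
    msg = message_from_string(raw_message)
    matched = sorted({" ".join(m.group(0).lower().split())
                      for text in scannable_text(msg) for m in TRIGGERS.finditer(text)})
    return {
        "encrypt": mode == "always" or bool(matched),
        # Assumption: payment-related mail also gets a password delivered by phone or text.
        "out_of_band_password": bool(matched),
        "matched": matched,
    }

def build_sample(subject, body, cte="7bit"):
    """Build a constructed sample message as raw RFC 5322 text."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "cfo@example.com", "ap@example.com", subject
    m.set_content(body, cte=cte)
    return m.as_string()

# Constructed samples: the first hides its trigger phrase inside a base64-encoded body.
PAYMENT = build_sample("Urgent request", "Please send the wire transfer today.", cte="base64")
ROUTINE = build_sample("Lunch", "Are we still on for noon?")

if __name__ == "__main__":
    for raw in (PAYMENT, ROUTINE):
        print(decide(raw))
```

The base64 sample shows why the check has to run on decoded MIME parts: a plain text search of the raw message would never see the trigger phrase.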
Businesses that require the use of encryption solutions – whether for all employees or only the ones sharing sensitive information – immediately increase the barrier to entry for scammers, who are much more likely to seek out businesses that don’t use these solutions. These solutions also help to weed out impersonators who say they are in one place, but are really halfway around the globe.
Finally, many email security solutions (Cirius included) clearly communicate to the recipient that they are receiving a secure message and from which organization. In addition to helping build a reputation of trust for the business, these clearly marked security measures go a long way in helping distinguish fraudulent requests from legitimate ones.