One of the most common hacks we see with small to medium businesses are email breaches.

How does this happen?

Someone is using the same password for their email account as they are for another service, say Dropbox, who are then involved in a data breach.

Your details including your password are stolen and published on the Dark Web for hackers and scammers to purchase.

Calling them hackers is actually too much of a compliment, so lets call them scammers.

Now the scammers have your password. They manually try and access your email account. If you don't have multifactor authentication enabled on your account, then, boom, they are in.

So now these scammers, sit, wait and watch. They might be pulling 12 hour shifts, just watching many different breached email accounts.

So what are they looking for? Invoices you send out.

They then put a rule in place on your emails, so that any correspondence between you and your clients or customers is hidden in a folder. Then they doctor the invoice and make a slight change. The bank account details.

Soon after they'll send your client(s) a new invoice and let them know that the account details have changed. They will often send several follow up emails asking your client(s) for payment.

If your client doesn't suspect anything, they might pay the invoice. The scammers will usually transfer the money immediately, and then often it's gone.

You might be thinking that you don't send invoices. If that's the case, the scammers will often leave, but not before they send a phishing email from your email to all your contacts in the hope they'll get into other accounts.

Rinse and repeat.

Here are the lessons learned.

1) Enable MFA for any account that offers it. NBot all MFA is created equal. e.g. we've seen cases of breached emails with MFA and push notifications turned on.

2) Review your processes. You should have a process in place for when a supplier changes their bank details.

Do you have these things in place in your business?