Coronavirus (COVID-19) Update for Customers and Partners

At MDaemon Technologies, the health and safety of our employees, customers and partners is our primary concern. As a global technology company, we are monitoring the developments of the Novel Coronavirus (COVID-19) pandemic very closely. Our entire staff is trained and participates in our remote workforce program and we are committed to providing seamless support to our customers’ business operations.

#coronavirus #coronavirusupdate

Are you experiencing disruptions with MDaemon or Security Gateway?

UPDATE: This issue has been resolved. Please restart MDaemon or Security Gateway.

If you are currently experiencing a disruption with MDaemon or Security Gateway, please disable (uncheck) “Outbreak Protection.” We are working with Cyren to fix the issue. MDaemon users can disable this feature via Security | Outbreak Protection.

Security Gateway users can disable this feature via Security | Anti-Spam | Outbreak Protection (be sure to un-check both Anti-Spam Outbreak Protection and Anti-Virus Outbreak Protection).

MailStore 12.1 Now Available – with Improved Performance, Security and Usability

MailStore, the feature-packed email archiving solution, has been updated with new features and enhancements for better security, performance, and an overall better user experience. Here’s a brief overview of these improvements.

Refreshed look for Outlook Add-in: Updated Icons for consistency with the latest versions of Outlook

The MailStore Outlook Add-in has been redesigned with a more modern look for better integration with newer versions of Outlook.

Updated MailStore Outlook Add-in Toolbar
Updated MailStore Outlook Add-in Toolbar

Improved Archive Performance

Improvements in the way MailStore handles archive stores internally have resulted in improved performance of mailbox archiving by up to 20 percent over earlier versions.

Easy access to setup guides in the Exchange archiving wizard

When configuring archiving for Microsoft Exchange, links to helpful online resources have been added for all supported versions of Microsoft Exchange and Office 365.

MailStore Archive Online Help
MailStore Archive Online Help

New folder structure options for export profiles

Improvements to export profiles now allow emails to be exported into specific, user-defined folders without replicating the archive folder structure. This provides easier handling of exported emails and helps avoid issues caused by restrictions on the export destinations (such as limitations on the export target’s maximum folder depth).

MailStore export profile showing checkbox to retain folder structure
MailStore Export

Removed support for older Windows platforms

MailStore is no longer supported on versions of Windows that are no longer supported by Microsoft (Windows Vista, Windows Server 2008 Standard or Windows Small Business Server 2008).

Orphaned archives shown on Privileges screen

Orphaned archives (those that do not have a user associated with them) are now shown on the “Archives and Privileges Overview” section of the “Users and Archives” configuration screen.

MailStore Email Archive Privileges
MailStore Archive Privileges

Other Improvements

  • A “Print Message” button has been added to the Outlook Add-in.
  • Audit Log: Copy to clipboard now includes event details.
  • SMTP Settings: Support for multiple recipients (comma separated email addresses) has been added.
  • Thunderbird Support: MailStore warns users that archiving may be incomplete due to IMAP-backed Thunderbird profile.
  • jQuery security update to address potential XSS vulnerability.
  • Quick export of saved search results via context menu has been added.

Visit our MailStore product page to learn more, or to take advantage of these new features, click here to download Mailstore.

New PayPal Phishing Scam Goes After Your Social Security Number and Photos

New PayPal Phishing Scam Goes After Your Social Security Number and Photos

This week, we learned of a new phishing campaign targeting PayPal users in an attempt to extract as much personal data as possible.

The campaign is spread via an email claiming to be from PayPal’s notification center warning users that their account was accessed from another browser or device. The recipient is then prompted to click on a button which opens an online form owned by the attacker.

PayPal phishing email using display name spoofing
PayPal phishing email (Source: SANS ISC)

If you’ve been following some of my previous posts, you may recall that I’ve discussed avoiding phishing email scams fairly frequently, but as long as people continue to fall victim to these and other email related scams, there will be a need for ongoing education on how to spot social engineering, spoofing, and other phishing-related tactics.

Consider this week’s PayPal phishing example. Cybercriminals often take advantage of the fact that many email clients (especially mobile devices) will only show the display name or “friendly from” header, and not the full email address. In the above example, “Support” was used as the display name, but the message was actually sent from an address under

Helpful Tip: To help users identify email spoofing, MDaemon Webmail displays the full email address in the message header.

If a user clicks on the link in the email, they are taken to a landing page operated by the attackers, and then presented with a fake login form where they are prompted to enter their email address and password.

PayPal Login Form used in phishing
PayPal Login Form on Phishing Site

From there, the user is asked for their full street address, and then they are taken to a form requesting credit card details.

Lookalike PayPal form requesting credit card information
Lookalike PayPal form requesting credit card information

At this point, most users would start getting suspicious, but those who proceed are presented with a form requesting their date of birth, Social Security number, and even their ATM or debit card PIN.

PayPal Account Locked Spoofed Form
PayPal Account Locked Spoofed Form

Users who go a step further are then requested to upload a photo of a valid ID or credit card.

PayPal Phishing Image Upload
PayPal Phishing Image Upload

By this point, most people would recognize this as a phishing scam, but inevitably, enough users will fall for these and other scams to keep cybercriminals in business for the foreseeable future.

Most reputable banking and government institutions have strict policies regarding their handling of confidential information. You’ll find more information on avoiding common email scams on PayPal’s website.

Phishing scams continue to evolve, with enough victims to keep cybercriminals in business for the foreseeable future. That’s why it’s important for businesses of all sizes to provide their employees with ongoing training on how to recognize and avoid email scams. A good place to start would be to review these 10 tips to identify a phishing email, and as always, remain vigilant and be skeptical of any online requests for information.

15 Best Practices for Protecting Your Email with Security Gateway

Despite the rumors announcing the death of email, its use continues to grow. According to research from the Radicati Group, email traffic is predicted to grow to over 333.2 billion emails sent per day (from the current 306.4 billion emails). And as long as businesses continue to use email, cybercriminals will find new ways to exploit security gaps, software bugs, and basic human nature to extort millions of dollars from their victims.

With the widespread transition from on-premise email servers to the cloud, hosted email providers have become a growing target for cybercriminals. In fact, reports show that over 29% of businesses had seen their Office 365 accounts compromised in a single month last year. That’s why you need the additional protection offered by Security Gateway for Email Servers to protect against email-borne threats.

Here are our top 15 recommendations to protect your business from email-borne threats with Security Gateway

Security Gateway was designed to be easy to use while providing the strongestHow to protect your business email from spam, phishing, malware, data leaks, and more, with Security Gateway for Email Servers. Click here to download the how-to guide PDF. protection against spam, phishing, and data leaks. And while most security settings are configured for optimal protection by default, it’s a good idea to follow these guidelines for best results.

Verify That a User is Valid before Creating an Account

With every incoming message addressed to an unknown local user, Security Gateway needs to be able to verify that the account is a valid local user by querying Office 365, Active Directory, MDaemon, or another data source before creating the account and delivering the message. We recommend using one the five user verification sources found in Security Gateway to validate accounts.

User verification options to validate users by querying Office 365, Active Directory, MDaemon, or an LDAP data source
User verification options to validate users by querying Office 365, Active Directory, MDaemon, or an LDAP data source

Use SMTP Authentication to Prevent Unauthorized Account Access

To help prevent unauthorized account access, we recommend requiring SMTP Authentication unless a message is transmitted from a domain mail server.

SMTP authentication settings in Security Gateway for Email Servers
SMTP authentication settings in Security Gateway for Email Servers

Use Strong Passwords

Spammers will often try to hijack an email account by guessing its password. Therefore, passwords that are easy to guess should always be avoided. If Security Gateway is configured to create accounts automatically by querying a user verification source, then make sure your user verification source is configured to require strong passwords. Passwords can also be assigned to users manually via the Domains and Users menu.

Enable Dynamic Screening

Enable Dynamic Screening to block connections that exhibit suspicious activity, such as failing too many authentication attempts, connecting too many times in a given time frame, attempting to keep a connection open too long, or sending to too many invalid recipients. Dynamic Screening makes it more difficult for a malicious person to guess passwords by detecting the malicious activity and blocking the connections.

Dynamic Screening Settings in Security Gateway for Email Servers
Dynamic Screening Settings in Security Gateway for Email Servers

Enable Account Hijack Detection

If a spammer guesses an account’s password, he can then use that account to send out spam. To limit the spammer’s ability to abuse a compromised account, enable Account Hijack Detection, and then enter the maximum number of messages that can be sent in a given time frame. Once the limit has been reached, the account is disabled and the administrator is notified.

Prevent compromised email accounts from abuse with Account Hijack Detection in Security Gateway for Email Servers
Prevent compromised email accounts from abuse with Account Hijack Detection in Security Gateway for Email Servers

Enable at Least One Default Mail Server

When email arrives for a domain that has not been assigned its own mail server, Security Gateway needs to know where to send those messages. We recommend adding a default mail server for all Security Gateway domains that have not had domain mail servers specifically associated with them.

Security Gateway - Default mail server settings
Security Gateway – Default mail server settings

Prevent Unauthorized Mail Relaying

Relaying occurs when mail that is neither to nor from a local account is sent through your server. Servers that are not properly configured to prevent relaying can end up on a blacklist. By default, Security Gateway does not allow mail relaying.

Relay Control Settings in Security Gateway for Email Servers
Relay Control Settings in Security Gateway for Email Servers

Protect Your Domain with IP Shielding

IP Shielding is a security feature that only honors SMTP sessions claiming to be from someone at one of the listed domains if they are coming from an IP address associated with that domain.

The best way to secure outbound email is via SMTP authentication. However, for businesses that need to send email from a printer or other device that is not capable of authenticating, IP Shielding can be used to exclude certain IP’s or ranges from having to authenticate. Messages from authenticated sessions can optionally be exempt from IP Shielding requirements.

Protect against email spoofing with IP Shielding in Security Gateway for Email Servers
Protect against email spoofing with IP Shielding in Security Gateway for Email Servers

Enable SSL to Ensure Data Privacy

To protect the privacy of transmitted data, we recommend enabling the SSL encryption features for SMTP and HTTP.

Secure Sockets Layer (SSL) settings in Security Gateway for Email Servers
Secure Sockets Layer (SSL) settings in Security Gateway for Email Servers

Enable Backscatter Protection

Most spam messages contain a forged return path. This often leads to users receiving thousands of delivery status notices, auto-responders, and other messages in response to messages that the user never sent. This is known as backscatter. To combat backscatter, Security Gateway’s Backscatter Protection feature can help to ensure that only legitimate Delivery Status Notifications and auto-responders get delivered to your domains.

Backscatter Protection Settings in Security Gateway for Email Servers
Backscatter Protection Settings in Security Gateway for Email Servers

Don’t Whitelist Local Email Addresses

In many cases, local IP addresses or host names may need to be whitelisted. However, we do not recommend whitelisting local email addresses. If a local address is added to the whitelist, messages sent to this address could bypass many of your security settings and put your server at risk of being blacklisted.

Protect your Email Infrastructure from Virus and Spam Outbreaks

Security Gateway scans all inbound and outbound mail using the Cyren and ClamAV antivirus engines. It also includes Cyren Outbreak Protection, which is real-time anti-spam and antivirus technology that is capable of proactively protecting your email infrastructure automatically and within minutes of an outbreak.

Antivirus settings in Security Gateway for Email Servers.
Antivirus settings in Security Gateway for Email Servers.

Prevent Data Leaks

Security Gateway includes over 70 Data Leak Prevention rules to help prevent unauthorized transmission of sensitive information such as personal identification numbers, credit card numbers, and other types of confidential data. These rules can be configured to send messages containing sensitive content to the administrative quarantine for further review, redirect the message to a designated address, or encrypt the message.

We recommend enabling the appropriate Data Leak Prevention rules to suit the needs of your specific business or industry.

Data Leak Prevention in Security Gateway for Email Servers
Data Leak Prevention in Security Gateway for Email Servers

Enable Location Screening

Use Location Screening to block inbound SMTP and HTTP connections from unauthorized countries. If your company has no legitimate business need to communicate with a particular country, then refusing connections from that country can potentially block large amounts of spam. Alternatively, you can configure Location Screening to only prevent authentication from unauthorized countries.

Block email from unauthorized countries with Location Screening in Security Gateway for Email
Block email from unauthorized countries with Location Screening in Security Gateway for Email

Enable Macro Detection in Microsoft Office Documents

Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5 and up, the Virus Scanning settings include an option to detect macros in Microsoft Office documents and flag them as infected. Security Gateway can refuse these messages or quarantine them for administrative review.

Download "Settings to Protect Your Mail Server"Would you like to learn more about Security Gateway for Email? Visit to sign up for hosted or on-premise email protection.


Protect Office 365 with Security Gateway for Email

At about this time last year, Office 365 had around 155 million users, and businesses continue to adopt its services at a rate of around 3 million users per month. But as subscription rates continue to grow, it becomes a growing target for cybercriminals to spread phishing and ransomware attacks.

A big drawback of such a large hosted service is that if cybercriminals manage to take over one of its accounts, it can be used to spread thousands of phishing attacks. And because these attacks are sent from a legitimate Office 365 account, they are likely to get past Microsoft’s Exchange Online Protection (EOP) and Advanced Threat Protection (ATP).

To combat these growing threats, businesses are turning to third-party email security gateways, and there are plenty of them out there with a relatively standard set of anti-spam and anti-phishing features, so to stand out from the competition, a solid email filtering solution must be easy to use while providing additional features such as archiving, compliance, and reporting.

For businesses on Office 365, Security Gateway offers stronger protection against email-borne threats, with account-verification controls tailored specifically for Office 365 to ensure that only authorized users are permitted to send or receive email.

Of course, Security Gateway does much more than protect your users from spam & phishing. It also includes built-in archiving with retention policies and legal hold for businesses that must meet legal compliance laws or that want a backup & recovery solution for a little peace of mind in the event of an outage or security breach.

Security Gateway also includes Data Leak Prevention (DLP) to prevent sensitive business data such as Social Security Numbers, Tax-ID Numbers, banking info, and much more from getting into the wrong hands. Messages containing confidential data can be encrypted using the built-in email encryption options, or sent to the administrative quarantine for further review.  After all, all it takes is a quick Google search to find a list of companies that have suffered steep fines, lost customers, and a damaged reputation due to sensitive data getting exposed.

We know you have choices with your email security solution. At MDaemon Technologies, our team of experts have been in the email security business for over 25 years. And while we have the resources and vision to address emerging messaging, collaboration and security needs into the future, our team is small and agile enough to build relationships with our customers for that personal touch that you just can’t get from a large company.

Try Security Gateway for free, or sign up for hosted email security services at

Microsoft is Ending Support for Windows 7. Here’s how to Move MDaemon and Security Gateway to the Latest OS

Microsoft Ends Support for Windows 7. Here's how to move MDaemon and Security Gateway for Email Servers to a new server.

Today, Microsoft is ending support for Windows 7. And while MDaemon and Security Gateway continue to support Windows 7, it’s a good idea to consider updating your Windows installation or migrating to an updated system.

Fortunately for MDaemon and Security Gateway users, moving to a new server isn’t a complicated process.

Moving MDaemon to a New Server or OS

Moving MDaemon to a new server using the same directory path involves these tasks:

  1. On the existing server, remove the MDaemon system service.
  2. Deactivate MDaemon & its associated plugins.
  3. Copy the MDaemon directory to the same path on the new server.
  4. Install the same version of MDaemon on the new server.
  5. Activate MDaemon on the new server.

For more detailed instructions, you can follow the steps outlined in this knowledge base article to move MDaemon.

If you’re moving MDaemon to a different directory path on the new server, you’ll need to update a few configuration files to point to the proper path, but this process isn’t complicated. Simply follow the steps outlined here to migrate to the new server on a new path.

Moving Security Gateway to a New Server or OS

To move Security Gateway, simply make a backup copy of the Security Gateway database, shut down Security Gateway, install Security Gateway on the new server, and then restore the database file.

You’ll find step-by-step instructions for moving Security Gateway in this knowledge base article.

“Will my software stop working after Microsoft ends support for Windows 7?”

MDaemon and Security Gateway will continue to support Windows 7, but because Microsoft will no longer provide automatic security updates, it’s a good idea to move to a newer operating system to remain secure.

If you need help, our expert support staff is available to provide guidance.

Year in Review – Our Top New Features of 2019

MDaemon Technologies - Year in Review

With 2019 coming to a close, I’d like to announce a few product updates. 2020 is going to be an exciting year for new features, but until then, we’ve made a few improvements in MDaemon, MDaemon Connector for Outlook, and Security Gateway for Email Servers.

New Security Features

Macro Detection in Email Attachments

A common tactic used by scammers to distribute malware is to send emails containing attachments with a message asking the user to enable macros. In fact, this tactic has been used extensively by the Emotenet botnet during its recent resurgence after a period of inactivity. Once enabled, these macros can unleash malware that destroys your data or infiltrates your network. To help protect users from these threats, a new option was added to MDaemon Antivirus and SecurityGateway to detect macros in documents scanned by Cyren AV and flag them as infected for further review by the administrator.

Antivirus Macro Detection
Antivirus Macro Detection

Authentication Failure & Frozen Account Reports

To help users maintain awareness of unauthorized account access attempts, a new setting was added to MDaemon’s Dynamic Screening feature to notify the user after a given number of failed authentication attempts or after the account has been frozen.

MDaemon Email Server Authentication failure tracking - Dynamic Screening Notifications
Dynamic Screening Notifications

Regulations & Backup/Restore Features

Email Archiving in SecurityGateway

Any business that has lost data to a malware attack or suffered fines for not meeting regulatory requirements will benefit from a solid backup and recovery solution. To help businesses meet these needs, archiving was added to SecurityGateway. Advanced searching options make it easy to find archived messages based on the sender, recipient, message subject, message content, date range, attachment, and much more.

Archiving in SecurityGateway for Email Servers
Archiving in SecurityGateway for Email Servers

Email Journaling

Businesses that need to meet regulatory and compliance requirements or provide document retention for litigation requests can use SecurityGateway’s new Journaling feature. Journaling creates a backup copy of every email sent and received, along with a summary of the message’s sender, recipient, subject, and date, and stores it in a separate mailbox that cannot be accessed by end users.

SecurityGateway Archive Journal Reports
SecurityGateway Archive Journal Reports


New Data Leak Prevention Rules

Your data is your business’ most valuable asset, so if it lands in the wrong hands, it could lead to devastating financial losses as well as a loss of trust. To help businesses keep confidential data such as credit card numbers, Social Security numbers, and bank account numbers from being stolen over 60 new data leak prevention rules were added to SecurityGateway to protect against transmission of a wider variety of sensitive data.

Data Leak Prevention in SecurityGateway
Data Leak Prevention in SecurityGateway


Saved Searches in MDaemon Webmail

Over the past year, we added new features to MDaemon Webmail to help users stay organized, including automatic creation of “All Unread” and All Flagged” saved searches. When you log into MDaemon Webmail, you’ll receive a pop-up message asking you if you’d like to create these saved searches. Simply confirm to add them to your folders list.

MDaemon Webmail - Saved Searches
MDaemon Webmail – Saved Searches

Expired Webmail Session Notifications

If you’ve been logged into MDaemon Webmail for a period of time, you may not have noticed your session has expired. Beginning with MDaemon 19, MDaemon Webmail will display (EXPIRED) on the browser tab to help notify users that they’ve been logged out without having to switch tabs.

Expired Session notification in MDaemon Webmail
Expired Session notification in MDaemon Webmail

New Mobile Theme for MDaemon Webmail

Most of us are using our phones more than we’re using our desktop to check email, and you shouldn’t have to sacrifice features for the convenience of anywhere access. To address these needs, MDaemon Webmail’s mobile theme has been redesigned with a more modern look, plus a variety of new features previously only found in desktop themes. New email management features include email templates, personalized categories, drag & drop email filters, an email signature editor with support for multiple signatures, deferred delivery, message snooze, message recall, and sorting options.

Calendar features for the new Mobile Webmail theme include importing and exporting in CSV or ICS (iCal) format, support for external calendars, private access links, simultaneous multi-calendar view, and much more.

MDaemon Webmail - New Mobile Theme
MDaemon Webmail – New Mobile Theme


Businesses with higher email usage environments will benefit from these new features for SecurityGateway.

64-Bit Version of SecurityGateway

This year, we added a 64-bit version of SecurityGateway. This allows 64-bit operating systems to take advantage of the extra processing power that’s achieved by allowing more operations to be performed at a time. The 64-bit version can handle a higher volume of active connections for improved performance.

External Database Support in SecurityGateway

External database support has been added to SecurityGateway, so you’re no longer limited to using the built-in Firebird database. When an external Firebird database is used, multiple items can access the database at the same time, which helps improve performance.


Support for Multiple SSL Certificates

In the past, when adding a new domain and host name to an existing MDaemon server, administrators had to remove and re-create the SSL certificate, or re-issue the third-party certificate. In 2019 we added support for Server Name Indication (SNI) to MDaemon. With SNI, each host name can have its own SSL certificate, which means you no longer have to delete and re-create existing certificates and share them among new domains/host names. Simply create the new SSL certificate & assign it to the new host name.

Centralized Management of Email Signatures

If your business allows users to create their own email signatures, you may have noticed there’s no consistency, with variations in text formatting, images, or overall layout of the signature. In MDaemon 19.5, we added support for centralized management of email signatures.

Central Management of Email Client Signatures
Central Management of Email Client Signatures

More Features Coming Soon!

This is by no means an exhaustive list of all new features. Our developers have devoted countless hours to making MDaemon the best email and collaboration product on the market, and 2020 is going to be even more exciting, so check back for new features and updates!

News Roundup – November 25, 2019

This week, we present the latest stories and events in the field of email, email security, phishing, data breaches, regulations, and trends.

Ransomware in the News

I’m old enough to remember life without a computer in the house, so I was a bit surprised to learn that the first ransomware attack happened 30 years ago!

Cybercriminals have come a long way since 1989 as they continue to employ a mix of oldWeekly Email Security and IT News and new tactics to scam businesses and end-users out of millions of dollars. For the second time this year, Louisiana’s state government systems were hit with ransomware. Fortunately, they were better prepared after the previous attack, so they suffered no data losses and did not pay a ransom.

Other reported incidents included:

Business Email Compromise Threats Continue

Business email compromise continues to be a growing threat due to the potential to extort large payouts from victims. A prominent incident reported last week included one in which fraudsters diverted $742,000 from the City of Ocala in Florida.

Reports of business email compromise typically discuss the facts about the incident itself – how it happened, how much money was lost, and actions taken to protect from future losses, but what is rarely reported is what legal action, if any, a company takes against the employee who was successfully tricked by one of these scams. But last week, a judge ruled on a case against an employee of a Scotland based company who was tricked into transferring approximately $200,000 to a cybercriminal.

Other Recent Incidents

Other recent incidents include:

New Trends We’re Watching

Other recent incidents show evolving threat vectors and attack techniques, including the Raccoon Stealer malware that bypasses Microsoft Messaging Gateways, a WhatsApp vulnerability that can remotely execute code, specially crafted ZIP filese used to bypass secure email gateways, Google Assistant on Android devices could be tricked into taking photos or videos, and the growing threat of fake Windows updates.

Staying  informed of current and emerging threats and tactics is the first step in protecting yourself and your business. Check back often for the latest updates..

Business Email Compromise Discussed on NPR’s Morning Edition

business email compromiseEarlier this week, I heard an interesting interview on NPR’s Morning Edition with a recent victim of Business Email Compromise (BEC), a growing threat that uses social engineering to exploit human nature in order to divert massive amounts of money to cybercriminals.

Recent Business Email Compromise Trends show Evolving Tactics

First, let’s start with a little background information. In 2013, when Business Email Compromise scams were gaining popularity, attackers typically compromised a legitimate email account belonging to the company president, CEO or CFO in order to request the transfer of funds to an account controlled by the attacker. As awareness of BEC scams has grown, the tactics used by the scammers to avoid detection have evolved as well. These newer deception methods use compromised lawyer email accounts, requests for W-2 records, and the targeting of real estate transactions. Another recent trend involves spoofing a company executive or other position of authority and requesting the targeted victim purchase gift cards for personal or business reasons.

Over the past couple of years, BEC tactics have further evolved into a new trend known as Vendor Email Compromise in which cybercriminals target vendors or suppliers with phishing emails and then send realistic-looking invoices to their customers in order to steal money.

BEC scams have been wildly successful, with $1.2 billion in losses reported in 2018 by the FBI’s Internet Crime Complaint Center (nearly triple 2016 losses). Unfortunately, these are only REPORTED losses. Many incidents go unreported because companies don’t want to risk bad publicity.

While recent efforts by law enforcement agencies have led to many arrests, Michael J. Driscoll, FBI special agent in charge of the Criminal Division for the bureau’s New York Field Office, has named Business Email Compromise the #1 priority – replacing ransomware as the biggest threat facing businesses.

And that brings me to the interview I heard on NPR.

This week on Morning Edition, Martin Kaste interviewed “Mark” (not his real name), the owner of a Seattle-based real estate company and one of the earliest victims of Business Email Compromise. Mark discussed how the attack began and how it evolved.

It started with a scammer intercepting email traffic between Mark and a business partner. For a period of time, the scammer monitored this email traffic and studied their speech, writing patterns and message timing (see Step 1 here). When Mark and his partner discussed a $50,000 disbursement owed to the partner, the scammers took action and inserted their own wire transfer instructions (see Step 3 here).

Mark was convinced the request was legitimate, and transferred the $50,000 (Step 4) to the scammer’s bank account. His partner never received the money. By the time they alerted the bank, the money had already been transferred to an overseas account.

Mark said, “We’re somewhat experienced businesspeople. The idea that we’ve been duped makes you feel pretty stupid,” and as I mentioned, this “shame” element, along with fear of a damaged business reputation, is why many of these incidents often go unreported.

Kaste points out, “The banks weren’t much help, either. Since he was the one who gave the scammers the account number, they saw this as his responsibility. He has learned one thing – never again trust wiring instructions that are sent by email.”

And that sound advice is among other tips you’ll find in my earlier post on avoiding Business Email Compromise scams.

You can listen to the full interview from NPR’s Morning Edition here.