Email is often the weakest link in the IT chain, leading to various kinds of cyber-attack and losses. The problem with email is that once it leaves your IT environment it can be easily copied. Equally, an email can be delivered to you from anyone (with any kind of attachment). With all of us receiving so many emails every day, it can be easy to miss something malicious.
It is estimated that over 50% of all global email is spam and a high percentage of that is malicious. With more and more companies using automated email marketing campaigns, the amount of “junk” in our inboxes just gets bigger every day. However, using more and more aggressive filtering techniques can mean that important emails may never hit your inbox.
If you reflect for one moment on retail banking and its move to digital, you will notice that all critical information and communication is kept within the bank's IT environment. You need to log in with at least two-factor authentication to view your details and give instructions.
Banks today never process a payment instruction based on an email. At the very least, they will call you back for reconfirmation. Any manual service is inefficient and costly, and as a result banks are increasingly moving their customers to digital. The commodities industry is highly competitive and increasingly under cost pressure, but manual processes are expensive and often ineffective against cybercrime.
Cybercrime is affecting all industries, but the commodities sector is particularly vulnerable. Given the enormous movement of cargoes and cash, there is a high risk of incurring a substantial loss if you become the victim of a fraud.
We have been told by many customers that they have faced multiple attacks on their systems and in particular their email communications have been compromised. One of the most regular and simple frauds we have been told about is invoice fraud.
Below are the basics of how fraudsters operate:
- The commodity supplier raises an invoice for the goods shipped under the contract
- The supplier then converts that invoice into a PDF and attaches it to an email
- The email is then sent to the customer
- The fraudster uses various techniques to copy the invoice data and/or block its direct transmission to the customer
- The fraudster then changes the bank account details on the invoice and forwards a new invoice by email to the customer (cleverly disguising himself as the supplier)
- The customer receives the invoice and unknowingly pays the money to the fraudster’s nominated bank account
- The fraudster receives the money and launders it through multiple banks
- The fraudster disappears and the money becomes unrecoverable
Invoice fraud is just one example of many types of cybercrime. Sometimes an attack comes in the form of a full IT infrastructure lockdown. We saw this in the case of the ransomware attack on the Colonial Pipeline, which crippled supplies of gasoline to the US East Coast for days. Colonial only managed to get things running again after paying the $4.4 million in Bitcoin demanded by the hackers. Whilst the details of the operation are not clear, it is highly likely the attack came via some kind of Trojan * attached to an email.
So why do so many people still use email when there are other solutions?
I can only explain this using the words of John Maynard Keynes, who noted:
“The difficulty lies not so much in developing new ideas as in escaping from old ones”.
Believe it or not, email has been around since 1971. That is 50-year-old tech which we are still using today!
At TradeCloud our goal was to build a communications platform specifically designed for the commodities industry. This meant that data security was our top priority. As highlighted above, the key to keeping communications private is to keep them within a secure environment. The TradeCloud environment is a closed system, making it far less susceptible to attack.
So, if you want to significantly reduce the risk of your data being intercepted, you should send it via TradeCloud. TradeCloud allows you to send messages and documents in a structured manner and has security features throughout. Furthermore, TradeCloud can be fully monitored by your compliance department via our partner Global Relay, the leader in global communication monitoring.
This is just one feature amongst many we have created for a more secure and compliant environment for the commodities industry of the future.
If you would like to learn more about how we are going about this, please feel free to contact us via email@example.com
* A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.