[Offer Grid] 📬 | Email, Phishes, and How to Stay Safe | Issue No. 8

At this point in the publication history of this newsletter, most of the subscribers know me. It’s the nature of a new publication or a new business of nearly any kind. You start with a close-in circle, and concentric circles of growth get “colder” (in marketing-speak) and you warm them up.

So, hey friend.

Full transparency, I got no takers on my question last week about “what do you want me to talk about?”

So I get to pick.

I choose crime.

Now, I don’t suggest doing crimes. But I suggest that every business owner must know about what crimes are in vogue.

I can’t stress enough how hot cybercrime is now.

It’s so easy. It’s so accessible. It’s so “now”.

Computers don’t care if someone is doing something illegal. We have to set up the boundaries to keep out the illegal stuff.

And it’s hard hard hard to tell if some computer thing comes from a person or from a bot.

The bots are getting better and better every darned day at sounding like humans.

It’s crazy, but you can train A.I. in just a few minutes to create a fake you.

Fake audio. Fake video. It takes just a few minutes, and most people can’t tell the difference.

There are many different platforms you can use to create deepfakes. They’re cheap, fast, and easy to use.

What if someone created a fake you and made a video of fake you saying things you wouldn’t say? You wouldn’t want that.

The reality of deepfakes seriously ups the value of c human connection.

But there are other malevolent players who don’t get into the business of making fake people.

There’s an another world of scamming called, “business email compromise” (BEC).

As if life weren’t hard enough, there are bad guys out there attacking businesses via email, which is one of the most vulnerable points in any business.

Businesses have been using email since the ‘80s and ‘90s. Email is a widely accepted form of communication. Most people check it multiple times a day (more frequently, in fact, than social media). It’s boring. It’s utilitarian.

And if you don’t secure the use of it you might as well leave the doors to your business unlocked and wide open every night.

There are a bunch of weaknesses around email in business, the top three being:

1. People

2. People

3. People

The first people problem with emails is that most people, lacking training around email scams, have no idea if the email they’re reading is malicious.

They don’t know what to look for. They can’t spot a clue that there’s something wrong.

This is a simple training issue.

Oh sure, your store clerk might not fall for the Nigerian Prince email anymore. But the staff member you’re relying on to cover a major part of your customer service program could easily cost you tens of thousands of dollars because of lack of training.

If staff doesn’t recognize a bad email (phishing email) the bad guys can steal from you in forms of inventory, refunds, and scores of other methods.

These techniques of thievery get more sophisticated all the time.

The second people problem with email is that individual employees, especially in smaller businesses, have way too much control and power to let things go wrong.

Most businesses, even small ones, could benefit from creating work roles around separation of duties. Two or more people would be required to complete an expenditure over some threshold amount of money. Something like that.

Bigger businesses and organizations that routinely wire funds to vendors, for example, are especially susceptible to BEC.

It’s way too easy for a bad guy to craft an email that looks like it comes from a valid source, sounds right, and robs you blind.

The bad guys are really good at what they do. They know how to send messages that people respond to. And they work like marketers. They have a list, they work the list, and a certain number of people from that list will respond to their offer.

It’s like email marketing that we do, but for evil, not for good.

Finally, the third people problem with email crime is called, “social engineering”. It’s just what it sounds like. Engineering, or making things the way you want them, in a social (human) way.

Imagine your business gets an email. The person who sent the email says he’s from the bank that your business uses for the main account. Everything looks real, so why verify right? (Shudder.)

The bad guy creates trust and build rapport.

After some time… a few minutes or days… the conversation turns to higher stakes. The bank is asking for a password.

The sender now has trust as well as being seen as a person of authority.

There goes the password.

People who do social engineering are in the business of getting login information, or whatever else they want, and taking what they want.

Phishing (sending malicious emails) is a form of social engineering. These represent about 80% of the world of online scams and cybercrime.

In 2024 BEC was a $55 billion business.

I gave a talk at a cybersecurity conference during Q4 2024 (SimplyCyber Con) all about phishing and social engineering. The talk was called, “Patches for Phishing.” You can see that talk here.

I’m finding, the more people I talk with and the more businesses I work with, the more I see that cybercrime is the next big part of business to be tackled.

I don’t have a program to offer you. I don’t have a course to sell you. But in the weeks and months going forward I’m exploring ways I can help business owners, like you, to protect yourself against the rising tide of crime that is threatening businesses everywhere.

Best to ya,

Amy

P.S. Email is the perfect target for cybercrime. You know the famous quote by bank robber, Willie Sutton, right? When asked why he robbed banks, he replied, “Because that’s where the money is.” Forget about banks. Email is where the money is.

Always feel free to reach out with ideas or comments.