How to avoid email compromise: avoid email!
'I lost £95,000 in a bank scam after my solicitor's email was hacked,' warns one headline. ‘Real estate agent email hacked but buyer pays the price,’ runs another. ‘Mortgage Lender Settles NYDFS Charges for Failure to Report Cyber Breach,’ goes yet another cautionary tale.
Just a handful of stories, from the UK, Australia and the US respectively, shows that email scams are a global phenomenon that is hitting the lending industry hard.
There are three broad types of risk associated with this kind of cyber breach. First, the simple risk of losing money to fraudsters, whether that’s your business’ own money or that of your customers – not many estate agents or brokers will be reassured by the ‘buyer pays the price’ headline above. Second, there’s compliance risk, especially as regulators seek to tighten their guidance to prevent breaches. And finally, there’s reputational risk, and this is perhaps the biggest risk of all.
It’s bad enough when the headlines warn customers off a particular lender or broker. In fact, it might seem only fair that they should suffer the consequences of their carelessness. But then it’s not always the lender or broker that’s at fault. In some cases, customers respond to fraudulent emails purporting to come from a trusted source. Either way, though, it’s never just one company that takes a reputational hit. When people read stories like these, they lose confidence in a whole industry.
So is there anything that can be done? There are certainty measures you can take to improve cyber security, so your emails are less likely to be compromised, and you can share advice with your customers to reduce their vulnerability to cyber crime.
Really forward-looking lenders and brokers are thinking differently, though. For them, the issue is not who is to blame for succumbing to this or that email scam. If email is so vulnerable to scams, why are lending professionals using it at all? Many are not.
Early adopters are already using custom-built apps to communicate and manage relationships with their customers, and it’s likely that before long this will be considered the industry standard. Smart phone apps, based on sophisticated encryption software, are not only far more secure than email, but also easier and more convenient for customers to use.
For the time being, using an app is an effective way for lenders and brokers to differentiate themselves as modern digital businesses that are in tune with the way their customers increasingly live their lives. That’s not always been true of the lending industry.
As customers become more and more aware of the risks associated with email, however, apps are likely to go quickly from being a ‘nice to have’ to being expected. Businesses that get ahead are going to have a distinct advantage over those left watching their email inboxes for enquiries that never come. At least they’ll not be short of scam emails to delete.