Trusting Digital Communication: Strategies Against Scams

by Patrick Müller

12.05.2023

0 Shares

Protecting Against CEO Fraud in Times of Growing Scams

The rapid increase in digital communication offers businesses new opportunities, but it also presents significant risks. One of the most dangerous threats is CEO fraud, where fraudsters pose as executives to obtain confidential information or money. At the recent security conference hosted by the Federal Office for Information Security (BSI), essential fraud prevention measures were discussed.

In the following, I would like to share my own work assignment after 2 days at the 2023 BSI Security Conference … along with my initial findings!

As we increasingly communicate digitally, we must rely on messages, links & files. However, the flood of messages opens the door to scams.

In terms of fraud prevention, I took three key points away from the event:

Two-Factor Authentication (2FA): An additional layer of security beyond the password, using one-time codes or biometric features to protect user accounts.
Digital Signatures: These verify the authenticity of emails and documents, minimize manipulation risks, and increase integrity and credibility.
Continuous Scanning for Stolen Credentials: Regular checks of public databases for your data to detect security breaches early and take appropriate action.

DEEP DIVES:

Two-Factor Authentication (2FA)

Two-factor authentication (2FA) is essential for increasing the security of online and user accounts. Alongside user IDs & passwords, a second channel is used, such as one-time codes or digital/biometric features.

"Time-Based One-Time Password" (TOTP) is a method used to generate time-limited one-time passwords and is commonly used in authentication apps.

My Findings:

For some of my personal accounts, I can't activate 2FA or find the option. I've reached out to support… waiting for a response.
For all business accounts, I was able to activate 2FA or define it as a company standard.
Where 2FA is available, SMS/call & TOTP methods are offered. I prefer the latter.

Authentication Apps:

Google Authenticator
Microsoft Authenticator
Authy
LastPass Authenticator

Further Information:

Digital Signatures

Digital signatures on emails allow the authenticity of senders to be verified & manipulation to be detected. As a result, using them can increase integrity & credibility while reducing the risk of fraud, hacking, or phishing.

The same applies to PDFs, as digital signatures can confirm the content's authenticity.

However, this only works if digital signatures are always used, so their absence is unusual.

My Experience:

During my studies and previous jobs, I used both as a user. It was easy and straightforward.
Privately and in my own companies, I haven't yet used digital signatures. I currently lack a certificate provider.
I'm now looking into it and will review the options in the coming days. My current shortlist of providers is below.

My Current Shortlist of Mail & PDF Certificate Providers for Further Review:

Continuous Scanning for Stolen Credentials

A "breach scanner" searches for potential data or security breaches. Public databases and published information are checked for your data, helping to detect security issues early & take protective measures, such as changing passwords or email addresses.