Payment scams and impostor fraud can happen to anyone and any size business. No one is exempt. And… Typically it’s not a hardware/software issue. It’s a people issue. For example.
I, posing as a CEO of a company, ask their controller to wire $10,000 to a bank somewhere in the US immediately. All of this needs to look legit of course. My email was created to look almost exactely like the CEO I am frauding. Transfer is made. Controller is defrauded. Doesn’t seem like it would work, does it? Yet “BEC amounted to 2.3 billion in worldwide damages in the past three years” -FBI.
Fraud is Easier than You Think.
Imposter Fraud is basically a three step process:
Step one: Get executive email address so as to create a spoofed one.
Step two: Create “spoofed” executive email account with similar looking domain/address. All it needs is one character difference.
Step three: Send legitimate executive sourced email to accounting/finance department with wire transfer instructions. Make sure there is expediency in the email like “Immediately”.
“There has been a 270 percent increase in identified victims and exposed losses in the past year” -Melissa Giddens, Senior Treasury management officer at Washington Trust Bank
Training is Needed.
Awareness, Awareness, Awareness. Employees can be a gigantic weak link in the protection against fraud if not trained to be aware. If an email is in any way suspicious they need to report before they take action. Items like opening unknown sender attachments and links for example. They need to make sure they encrypt emails with sensitive information. Two forms of authorization for any wire transfers and the such as well. An annual security awareness training is not over the top either.
If this seems like too much to grasp and get your arms around then partner with a capable company that can lead the way like Fidelis. Remember, it’s not if this will happen to you it’s when. Have a plan for a breach. Start protecting now with education and awareness.
I Have Been Breached Now What?
Take immediate action:
1. Contact your financial institute.
2. Report the crime to law enforcement.
3. File a complaint to Internet Crime Complaint center.
With a little preperation and training you could fend off financial loss and credibility. Be proactive.
Terms to Know:
Spoofed – Type of scam where an intruder attempts to gain unauthorized access to a user’s system or information by pretending to be the user. -Investopedia
Domain – The domain is the name of a network or computer that is linked to the Internet. You can find the domain in an email address after an @ sign. -Fact Monster
BEC – Business Email Compromise is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. -FBI
Resource: CEO Adviser – Seattle Business Magazine September 2016 – Article: Impostor Fraud by Melissa Giddens, Senior Treasury management officer at Washington Trust Bank
© 2008-2017 FideliTrust | Photos courtesy of 123RF | 1119 Views