We need to be constantly aware and vigilant in relation to online fraud and scams.
Business Email Compromise: A Growing Online Security Threat
A business email compromise happens when a fraudster sends an email to your company’s payments team impersonating a contractor, supplier, creditor or even someone in your senior management. For instance, the payments team may receive:
- An email appearing to be from the CEO asking that an urgent payment be made. This is often accompanied by a request for secrecy, directing the recipient not to discuss the matter with anyone else.
- An email or forged letter from a supplier advising that their account numbers have changed, and instructing that all future payments be sent to the new account.
In either case, it can be difficult to detect this type of fraud since cyber criminals make the sender’s email address appear to be the same as a known email address. Fraudsters may even hack into the actual email account of a particular user and send the email directly from there.
How You Can Take Action
Start by making your payments team and/or relevant staff aware of this type of fraud so they can look out for it. In addition:
- Implement payments security that includes a two-step verification process, which involves contacting the sender via an alternative method (e.g. phone, instant message).
- Always use known contact details to follow up.
- Don’t reply directly to the email.
- Don’t use any phone numbers or other contact information included in the email.
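The warning signs described above can also be pre-screened automatically before a payment request reaches the two-step verification. The following is an added example, not part of the original post: the contact list, the addresses, the term list and the 0.9 similarity threshold are all assumptions made for illustration.

```python
import email
from difflib import SequenceMatcher
from email.utils import parseaddr
# Assumption: the payments team maintains this list; all entries are constructed.
KNOWN_CONTACTS = {
    "jane doe": "jane.doe@example-corp.test",        # senior manager
    "acme supplies": "accounts@acme-supplies.test",  # supplier
}
PRESSURE_TERMS = ("urgent", "do not discuss", "account number", "new account")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def bec_flags(raw_message):
    """Return the reasons a message should go to call-back verification."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    name, addr, dom = name.strip().lower(), addr.lower(), _domain(addr)
    known_domains = {_domain(a) for a in KNOWN_CONTACTS.values()}
    flags = []
    # A known contact's display name in front of a different address.
    if name in KNOWN_CONTACTS and KNOWN_CONTACTS[name] != addr:
        flags.append("display-name-mismatch")
    # A domain that is nearly, but not exactly, a known one.
    if dom not in known_domains and any(
            SequenceMatcher(None, dom, k).ratio() >= 0.9 for k in known_domains):
        flags.append("lookalike-domain")
    # Replies diverted to a domain other than the sender's.
    if reply_to and _domain(reply_to) != dom:
        flags.append("reply-to-diverted")
    # Urgency, secrecy or changed bank details, as in the examples above.
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')} {body if isinstance(body, str) else ''}".lower()
    if any(term in text for term in PRESSURE_TERMS):
        flags.append("pressure-or-account-change")
    return flags

# Constructed sample: a "CEO" request sent from a lookalike domain.
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-corp.test>\n"
           "Reply-To: jane.doe@mail-relay.test\n"
           "Subject: Urgent payment\n\n"
           "Please pay this today. Do not discuss it with anyone.\n")
# Constructed sample: sent from the supplier's real (possibly hacked) mailbox.
FROM_REAL_ACCOUNT = ("From: Acme Supplies <accounts@acme-supplies.test>\n"
                     "Subject: Updated details\n\n"
                     "Our account number has changed. Use the new account.\n")
if __name__ == "__main__":
    print(bec_flags(SPOOFED), bec_flags(FROM_REAL_ACCOUNT))
```

The second sample raises no header flag at all because it comes from the genuine mailbox, which is why the call-back using known contact details remains the deciding control and the flags only help prioritise.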
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
This is a guest blog post written by David Thompson, who is the current IT Manager for WCF Ltd. David will be writing a monthly article as part of the "IT Corner" column / slot. We hope you find these snippets of IT knowledge useful!