Have you ever emailed your finance team or accountant to ask them to pay a bill for you? If so, did they question this? If not, then why not?
We're all busy and we all try to save time, but potentially losing tens of thousands of pounds might be worth slowing down a little and double-checking your procedures. Sending a spoofed email is a 2 minute job, and the software to do it is readily available on the internet for free. It's not difficult to pretend to be someone else, and also to find out who in your team is responsible for paying the bills. Think about the information that you advertise on your website, or your team's response to a call from one of your clients or a possible new client asking for the details of the person who accepts payments from customers. We've had a few clients, and have also had attempts made on ourselves, by these tricksters even though we're an IT Support company. Your bank isn't responsible for your accountant logging into your internet banking account and making the payment; it's the internal process at your company which needs to stop this.
A few steps you can take to help are:
- Speak with your accounts team and make them aware this is a common scam.
- Put in procedures to double-check all requests for money transfers. Passwords and phone confirmations are a couple of options.
- Ensure your company's antispam service checks the source of emails to ensure they are being received from legitimate sources.
- Remember, just because an email has your company name in the address, don't assume it's from your company. There's a big difference between email@example.com and firstname.lastname@example.org. Make your staff and accountants aware of this.
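One way to automate the last two checks, as an added example that is not part of the original post: it flags a lookalike sender domain, a sender using your exact domain that did not pass DMARC, and a Reply-To pointing somewhere else. The domain `example.com`, the sample messages and the finding names are constructed for illustration, and the code assumes the `Authentication-Results` header was added by your own mail gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). Assumed company domain: example.com
LOOKALIKE = ("From: Jane Boss <firstname.lastname@example.org>\n"
             "Subject: Urgent payment\n\nPlease pay the attached invoice today.")
SPOOFED = ("From: Jane Boss <email@example.com>\n"
           "Reply-To: jane.boss@mail.invalid\n"
           "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
           "Subject: Urgent payment\n\nPlease pay the attached invoice today.")
GENUINE = ("From: Jane Boss <email@example.com>\n"
           "Authentication-Results: mx.example.com; spf=pass; dmarc=pass\n"
           "Subject: Invoice\n\nPlease pay the attached invoice.")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def assess(raw_message, our_domain):
    """Return reasons to confirm a payment request by phone before paying."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    our_label = our_domain.split(".")[0]

    # Company name in the address, but not the company's domain.
    if from_dom != our_domain and our_label in from_dom:
        findings.append("lookalike-domain")

    # Claims our exact domain, but the gateway did not record a DMARC pass.
    dmarc = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    if from_dom == our_domain and (not dmarc or dmarc.group(1).lower() != "pass"):
        findings.append("unauthenticated-internal-sender")

    # A reply would go to a different domain than the apparent sender.
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    return findings

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)]:
        print(name, assess(raw, "example.com"))
```

An empty result only means none of these three signals fired, so the phone confirmation step still applies to every transfer request.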
Cyber threats are top of the security concerns of any business. Having inadequate security in place leaves you wide open, but the security you have in place is only a part of the defence. Your staff should be aware this is happening and know who to turn to and what to do if they have concerns.
Here's a link to 'The Bogus Boss' BBC News article, which has real-life examples of attacks. It's well worth a read.