A customer recently reported that he had received an email from his boss asking him to transfer a payment to a certain account. This was a normal occurrence, and nothing seemed unusual about the request. It was only because their system required two signatures that he contacted his boss, only to discover that his boss hadn’t sent the request!
This is a rather too-close-to-home example of what is known as a wire fraud email. These spoofing attacks are so simple to produce, requiring no special code, that they are one of the fastest-growing forms of cyberfraud. The FBI reported that company losses (already in the tens of millions of dollars) doubled between 2014 and 2015, and attributed the increase to cyberfraud such as these attacks.
Once transferred, the money will quickly be changed into untraceable forms, and the employee who made the transfer will probably be the one to take the blame…
So, what can you do to stay safe? Of course, it is vital to have up-to-date internet security software in place, but this cannot protect you against emails such as these, which are only text. The only protection from this kind of attack is human – make sure:
- You and your staff are educated about these risks, and are vigilant.
- You have a system in place whereby the authenticity of the request can be checked before proceeding with the transfer of funds (like the two signatories required by our customer referred to above). This may take a little extra time, but is well worth it if a fraudulent request is presented.
If you have any questions, or ever need to check a suspicious email, contact the friendly security experts at datamills on 0114 287 0510 or info@datamills.co.uk