Cyber fraud has been on the rise, and recognizing such an attack is an important part in maintaining your company’s financial safety and security. Though scammers used to target CEOs primarily, they have now moved on to targeting accounting, HR, executive, and IT personnel as well. The hope is to trick the employee into sending along confidential information, such as bank routing and account numbers, tax information, or social security numbers. Other times, they are simply hoping to reach an unsuspecting employee willing to wire money at the request of an executive.
Being able to discern a real email from a scam email is the first step in avoiding such system compromises. Oftentimes, scammers will start by sending an email alerting you to the need to reset your password, or that you have a secure document that requires you to login to view the message. Clicking the link in the message brings you to a login page where your email credentials are captured. With access to your email account, they can not only email others inside and outside your organization, but they can gather information valuable to cyber criminals – such as names of individuals in charge of different departments.
Even without access to your email, scammers can send out emails that look like they are from someone in the company. They will sometimes alter a couple of letters in the email address that might not be noticeable with a quick glance, hoping you will respond without thinking, or click a link without looking at what site the link will really bring you to.
What can you do to protect yourself? Training and company procedures are a great first step. Train employees to question emails that are unexpected, and have them reach out to your IT department if they are unsure. Additionally, make it company policy that any wire transfer requests require voice verification.
You should also reach out to your broker and inquire about a cyber liability policy if you currently do not have one. Not all policies offer comprehensive for “social engineering” related losses, so be sure to understand any coverage limitations of the policy being offered.
Arthur Dogramacian is the Vice President of Information Systems for Energi, Inc.