December 22nd, 2016 by Rocket IT
We’ve recently seen a good number of VERY sophisticated phishing emails that could’ve resulted in significant financial loss. As phishing attempts escalate, and scammers find increasingly crafty ways to elicit money from their victims, we must stay vigilant.
One clever phishing email scheme we’ve seen increasing recently goes something like this:
An employee receives an email from their boss, boss’s boss, or the CEO. This decision maker asks the employee to send them the state of the company’s accounts and/or requests the employee wire funds to that decision maker. From the email address, down to the signature, the email looks almost exactly as if it has come straight from the hands of that executive.
That’s because a scammer has spoofed the executive’s email address, making it appear as if the email came directly from that executive.
How can your organization avoid losing significant amounts of company money to scammers like this?
Ensure all employees have a strong password, especially executives and those with access to financials.
These emails can often come from the mailbox of the actual executive if their account is compromised. So the best thing to do is to prevent those accounts from getting hacked to begin with. Make sure your password stands the test here.
For extra security, you can also set up two-factor authentication. This will trigger an additional security question before a user can access their account after logging in with their username and password. This security question should be as strong as your password. Using questions and answers that can easily be found via a quick Google search will defeat the purpose of using this extra step.
Confirm. Confirm. Confirm.
Follow up with that executive and make sure they truly made that request. If you can, follow up over the phone or in person. If you respond directly to the original email, that response will go straight to the scammer. And, if the decision maker’s account has been compromised, any emails asking to confirm that transaction request could still be intercepted by the scammer.
Ensuring that all significant financial requests are verbally agreed to by the person requesting the transaction can prevent loss of funds to scammers like this.
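As an added illustration (not part of the original post), the Python sketch below checks a message's headers for the two warning signs of the scheme described above: an executive's display name on an outside address, and replies routed to a different domain than the sender's. The domain `example.com`, the name "Jane Doe", and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: your organization's mail domain
EXECUTIVES = {"jane doe"}    # assumption: display names of decision makers

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def display_name(header_value):
    """Return the display name, lower-cased with whitespace collapsed."""
    name, _ = parseaddr(header_value or "")
    return " ".join(name.lower().split())

def impersonation_signals(raw_message):
    """List header-level warning signs of an executive-impersonation email."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    signals = []
    if display_name(msg["From"]) in EXECUTIVES and from_dom != ORG_DOMAIN:
        signals.append("executive display name on an outside address")
    if reply_dom and reply_dom != from_dom:
        signals.append("replies go to a different domain than the sender")
    return signals

# Constructed sample messages (headers, blank line, body).
SPOOFED_REPLY = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Reply-To: jane.doe@lookalike.test\n"
    "Subject: Wire request\n\nPlease wire the funds today.\n"
)
OUTSIDE_SENDER = (
    "From: Jane Doe <ceo.office@freemail.test>\n"
    "Subject: Account balances\n\nSend me the state of our accounts.\n"
)
LEGITIMATE = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Lunch\n\nSee you at noon.\n"
)

if __name__ == "__main__":
    for sample in (SPOOFED_REPLY, OUTSIDE_SENDER, LEGITIMATE):
        print(impersonation_signals(sample))
```

A request sent from the executive's real, compromised mailbox shows neither sign, which is why confirming by phone or in person still matters.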
Michael Bearchell lives with his wife and three children in Gwinnett County. He is an Inside Support Technician at Rocket IT and has found out the hard way that it is tough being a New York sports fan in the south.