Cyber Fraud Can Cost Thousands of Dollars
The email above from Bill, the president of Workplace One, was routine. Dave, the company’s controller, responded with a few questions, and Bill quickly answered. It was one of hundreds of similar financial correspondences between the two in a given year.
Except the email wasn’t from Bill. And the vendor was fictitious. While the names in this story have been changed, it’s exactly what happened to three of SSR’s clients last year. And the bad news? These clients aren’t alone.
According to the FBI, more than $3.1 billion in actual and attempted cyber fraud losses have been reported globally since 2013. Since 2015, losses like these have increased 1,300 percent, according to the Internet Crime Complaint Center.
The scam has hit victims in every state and in more than 90 countries.
Here’s how it works: Criminals using standard phishing techniques gather company and personnel information, or they entice a worker to click a link that gives them free rein in the company’s IT environment. Then, crooks send emails that look nearly identical to company correspondence, sometimes referencing jobs, products and services that a company currently has in the pipeline, a practice known as “spear phishing” for its sharply pointed approach.
The No. 1 way to prevent cyber fraud is to properly train staff with stringent internet and security procedures and to make them aware of scam “warning signs.” These include emails that ask for personal information, request clicking external links, or demand immediate action without following company procedure.
The next step to preventing loss is to utilize a two-step authentication sign-off for any transfer of funds, new vendors or a change of vendor payment.
We also suggest that you talk to your bank about proper security controls as well as your insurance provider for protections against cyber theft and damage.
Here are a few of the key recommendations from the FBI:
- Use only existing information for current vendors; authenticate any changes
- Create intrusion detection rules that will flag emails with extensions that don’t match company email addresses exactly
- Create email rules to flag communications that go to a different reply address than what’s displaying in the “from,” which means a reply to the email is headed to someplace else altogether
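The last two recommendations can be expressed as header checks. The sketch below is an added example, not FBI or SSR code; the domain `workplaceone.example`, the edit-distance threshold of 2 and the sample messages are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "workplaceone.example"  # assumed placeholder company domain

def address_of(header_value):
    """Lowercased bare address from a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_message(raw, company_domain=COMPANY_DOMAIN, max_distance=2):
    """Return the flags raised by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    from_addr = address_of(msg.get("From"))
    reply_addr = address_of(msg.get("Reply-To"))
    from_domain = from_addr.rpartition("@")[2]
    flags = []
    # Rule 1: sender domain resembles the company domain but is not an exact match.
    # max_distance is an assumed threshold; tune it against your own mail flow.
    if from_domain != company_domain and \
            edit_distance(from_domain, company_domain) <= max_distance:
        flags.append("lookalike-domain")
    # Rule 2: replies would go to a different address than the one shown in From.
    if reply_addr and reply_addr != from_addr:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample messages (not real mail).
_TAIL = "To: dave@workplaceone.example\nSubject: Vendor payment\n\nPlease wire today.\n"
SAMPLES = {
    "legit": "From: Bill <bill@workplaceone.example>\n" + _TAIL,
    "lookalike": "From: Bill <bill@workplace0ne.example>\n" + _TAIL,
    "reply_to": "From: Bill <bill@workplaceone.example>\n"
                "Reply-To: bill@mailbox.example\n" + _TAIL,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, flag_message(raw))
```

A Reply-To that differs from From also occurs in legitimate mailing-list and ticketing mail, so these flags are best routed to review rather than used to drop messages outright.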
If you’ve been the victim of a cyber fraud attack or need an expert to help you update your policies and procedures to ward against these crimes, SSR can assist. We can present industry-leading information to your staff to create awareness, and we can assist in establishing or updating your processes, whether that’s stronger internet policies, password security or email strategies.