Security Announcement: Phishing emails and fraud
Recently one of our customers suffered a considerable financial loss due to fraud carried out using phishing emails. We wanted to let you know so that you can protect your business from similar attacks.
What is Phishing?
A phishing attack is a fake email or webpage designed by a malicious source with the goal of stealing personal information, financial data or logins.
Increasingly, cyber criminals are using social engineering to steal from individuals and businesses.
Crooks are using more meticulous approaches that involve researching and purposefully targeting a select few; it is more profitable than spamming large volumes of people and catching the vulnerable. Scammers are gathering information about their victims by studying a company’s online presence and using that information (such as names and hierarchical structure) to manipulate individuals. Unfortunately, they are targeting not only big companies but also small to medium-sized businesses.
In the case of our customer, the scammer digitally impersonated the Managing Director of the company and sent an email to the person who handles all the banking and the accounts. The email appeared to be from the MD, as it seemed to come from their email address and used correct names. Without knowing what to look for, it would be really hard to tell that it was not authentic.
The text of the email reads:
I need to sort out a transaction today. What details do i need to give to
you to make an instant payment transfer?
Sent from my iPhone
This email resulted in a dialogue between the recipient and the scammer where the recipient asked what it was for and why. The scammer seemed to have an answer to all the questions – including that it was personal and that they would reimburse the company by the end of the week.
How can I protect myself and my business?
It is important to remember that most information is now readily available online, especially if you are a business. It can be very easy to work out a company’s hierarchy of power and responsibility and cyber criminals will use this information to manipulate and steal from you.
- Include less personal information about your staff on your website.
- Do not make email addresses of members of your company widely available.
- Confirm all unusual transactions by speaking with the requester face to face.
- Be wary of requests for cash which are just under £10,000. £10,000 is the point where bank transfers take longer to be processed for fraud investigation and protection; under this amount, a payment will be transferred straight away.
What should I do if it happens to me?
- Contact the bank – they may be able to recover some or all of the money.
- Report the fraud to the National Fraud & Cyber Crime Reporting Centre http://www.actionfraud.police.uk/report_fraud
- Change all your email passwords – this is not necessary, but you may want to do it for peace of mind.
If you are concerned or would like more information, contact us now!
023 8024 9820