Scam E-mails: How to Protect Your Business against Fraud?
Fraudsters target businesses that work with foreign suppliers or businesses that regularly transfer funds online.
How do they get your details?They use what is known as “social engineering” and “computer intrusion” techniques e.g. a worm to compromise real business email accounts and then create unauthorised transfers of funds out of the business bank accounts.
Example caseThe fraudster emails a phishing document to the intended victim via the address of a legitimate supplier and asks the victim to change the electronic funds transfer detail in relation to the payment of an invoice. This request tricks the victim into clicking a malicious link that downloads malware onto the victim’s computer and allows the fraudster to gain unrestricted access to personally identifiable information, including bank account details and passwords. The fraudster uses this data to authorise electronic payments from the victim’s bank account. Similar cases involve the fraudster using a slightly varied version of an email address of your supplier to change the destination of the electronic funds transfer to the fraudster’s bank account.
Tips to avoid these type of frauds
- Ensure your intrusion detection system is effective and tested to pick up cases that for example flag e-mail addresses that are similar e.g. email@example.com and firstname.lastname@example.org.
- Confirm requests for electronic transfers and details verbally by phone. Use previously known contact details rather than the contact details on the communication.
- Verify changes in supplier/customer with a second sign-off and third party confirmation.
- Carefully scrutinise all email requests for transfer of funds.
- Ensure your computers do not save key passwords automatically and keep any password files on your computer encrypted.
- Know the habits of your suppliers and customers, including the reasons for change in details or payment method.
What questions do you have?
We are happy to help. Please post your comment below or call Paul Leonard, Partner at Cooney Carey, on 01 677 9000. Alternatively, send him an email: email@example.com