Everyone is always worried about fraud. From identity theft, credit card fraud, card readers, and even phone call fraud. However, most people forget about email fraud. Email fraud is one of the biggest scams today, and no company is immune. A rash of recent email fraud is targeting the finance departments of companies. The scam starts by an email being sent to a member of staff in a company’s finance department. This email appears to be sent from a senior member of the company, such as the finance director or chief executive. They get the names of the senior staff members by looking through corporate listings, LinkedIn and other social media. Then one of two things happen. Either the senior staff members email accounts get hacked, usually if on web-based services, or software is used to manipulate the characteristics of an email. The emails are authentic enough so as to have the senders email address read as the senior staff members address, all the way down to their signature. Whatever method they use, the goal is the same, and they demand an urgent payment to be made outside of normal procedures. Usually they stress the importance in order to secure a big contract or secure the large deal. The money is deposited in a bank account, then immediately withdrawn and the fraudulent person is gone. So is the companies money.
How can you protect yourself?
If you work in finance or accounts, be on your guard and follow the following advice.
- Always confirm unusual payment requests in person or by telephone. Do not use the contact details from the email.
- Establish a documented internal process for requesting all payments. Anything outside this process should be flagged as suspicious.
- Always question urgent bank transfer or payment requests.
- Ensure your company has a good password policy for email accounts.
- If the email does not normally read like something the sender would typically write, be suspicious.
Remember, if ever in doubt, please contact your IT support team for verification.