You get an email from your bosss boss requesting that you make a wire transfer to a new vendor. The email is marked urgent, so you ignore the 20 others that need your attention to take care of it. You handle wire transfers all the time, and youll definitely score points for responding so quickly, right Maybe not.In a recent scheme, sometimes called masquerading, a hacker poses as a senior executive and asks an employee to complete a financial transaction, like a confidential business investment or a payment to a vendor. Once money is wired to a bogus account, it can be nearly impossible to recover.In fact, the scheme often goes undetected until the companys fraud department raises an alarm, or company executives talk to each other about the transfer request. According to a recent bulletin from the Internet Crime Complaint Center (IC3), the average loss is $55,000, but some losses have exceeded $800,000.In some cases, the emails are spoofed by making subtle changes, so its difficult to distinguish a fake address from a legitimate one. For example, johnexample.com looks a lot like johnexanple.com. In other cases, the hackers break into an organizations email system and send urgent requests from legitimate accounts.Scammers like to mix it up. They may pose as vendors who have existing relationships with the company and send emails to update their account information. Some masqueraders try to commit this fraud on the phone, posing as the CFO, comptroller or CEO to intimidate an employee.Want to make sure your company doesnt fall victim to a masquerade scam Establish a multi-person approval process for transactions above a certain dollar threshold.Implement a system that requires a valid purchase-order, along with approvals from a manager and finance officer, to spend money.Circulate this blog post by email or in a staff meeting. Its great with coffee and donuts.In addition, share these tips with your colleagues:Confirm that any request to initiate a wire transfer is from an authorized source within the company.Double- and triple-check email addresses.Slow down. Fraudsters pressure you to take action quickly so you dont have time to think it through. Take time to verify any request even an urgent one.Be suspicious of requests for secrecy. Speak to the executive on the phone or in person. If you still have doubts, speak to another senior executive.If you think you may have encountered a masquerade scam, please report your experience at www.ic3.gov and ftc.gov/complaint.Has your company developed other strategies for combatting these scams Use the comment section to tell us about it.
Nicole Vincent Fleming
Consumer Education Specialist, FTC
Topics: Avoid Scams, Be Smart OnlineTagged with: email scam, hacker, phishingSource: www.onguardonline.gov
No comments:
Post a Comment