As a follow-up to the previous blog post dated November 9th ,regarding the consequences of phishing attacks that are occurring which has resulted in funds being transmitted to the tricksters: You must have controls in place to prevent a wire to a new vendor from being initiated without verbal confirmation! This will prevent one aspect of the fraud, but education or your personnel is paramount.
Interestingly in all the crimes that ABS is aware of, one of the individuals in the organization has provided their credentials to the criminals by following what looked like an official link and entering in their credentials. The emails that are being sent by the criminals are constructed to be very enticing for you to click on and give up your credentials!
- They may be emails telling you to log in to see the wire information of an amount that has been transferred to you.
- They may be an email telling you to download your Purchase Order for services or product.
- It may be emails telling you that you received a new fax or voicemail (but it is not being generated by your exact fax or voicemail system).
We need to be cognizant and cautious every minute of the day when dealing with emails asking us to click a link or provide credentials. If you are not expecting to receive an email from a customer, a vendor or a co-worker you should be suspicious! Pick up the phone and call them and ask them about it. Many times they will tell you that they have been the victim of a phishing attack and haven’t had the chance to notify everyone yet. Take the extra time to do this and you will not regret it.
Your organization must embark on proactively training its employees to recognize phishing scams. There are many free videos available for education purposes on YouTube, for instance. Some examples are linked to below:
There also are more formal training programs available for companies to train their personnel effectively. Please let us know if you are interested in knowing more regarding this and we will point you in the right direction. All the best…Chris Carrigee, PE, CPA