There is a new type of cyber scam out on the market at the moment and it could cost you your job as well as your employer’s money so be careful.
Fraudsters are unfortunately getting smarter, their more recent scams are a testament to this, employing psychological manipulation to encourage you to pay out vast sums of your employer’s money.
They do this in a number of ways. The most straightforward of these being, they gain access to your boss’ email account, and calendar. They study how your boss communicates, learn about your business, and then wait. Once your boss is away on leave they then send out an ‘urgent payment request’ email asking you to make an urgent payment to, for instance, secure a contract. You think it’s your boss, after all it’s written like they’d write, and of course they want this done quickly so they don’t need to worry whilst they’re away on holiday. Another scenario is they’re at the airport and want the money sent before they fly and are uncontactable for 12 hours.
It doesn’t require a lot of high tech knowledge but it’s proven to be amazingly successful. Around 22,000 firms and organisations around the world have lost more £2.4 billion to it over the last three years. So this is a scheme you should definitely be aware of.
They can orientate themselves in a number of different ways, but generally payment requests will say ‘urgent’, ‘payment’ and ‘request’ in the title. This should set your alarm bells ringing.
Other ways scammers try and get you is through ‘spoofing’ an email account. They will make it look like the email came from someone senior in your company. But if you hit reply to the ‘TO’ address, the reply address will be different. For instance it could have a different domain address or it may look similar to your company but two of the letters are round the wrong way, hoping you won’t notice.
It’s also easy for scammers to spoof the ‘from’ field in an email address and to even edit the label of the sender. So instead of seeing the email address in full, recipient’s just see the person’s name.
They have also been known to go quite some way to try and add credibility to their lies. For instance providing fake telephone conversations with lawyers, or making up that senior conversations have taken place in the business.
The best thing to do if you receive a payment request from anyone in your business is to pick up the phone and speak to them. Double check the request is real. Some bosses say that they won’t ever email a payment request but for some businesses it is a necessary evil.
If you are one of those businesses that do send payment requests over email then now is a good time to sit down and review your processes, make everyone aware of the risk of scammers and to always double check a payment request is legitimate.
Securing your IT systems is an essential part of business operations, if you have any questions regarding your IT security speak to our team today.