Recently we have seen what appears to be an explosion in the fraudulent use of emails and, because of this apparent epidemic, I wanted to draw everyone's attention to this potentially hugely costly attack on businesses.
Fraudsters have been cloning emails for some while now; however, the number of attacks seems to be escalating and most employees appear oblivious to the threat. As a result, cloned emails requesting payment or a change of payment details are taken at face value, payments are made to the fraudster's bank account, and the funds are lost.
In the basic fraud, an email is sent purporting to come from a member of staff, usually a senior member of management, with the sender's email address appearing to be valid. It instructs a payment to be made and supplies the bank account details to which the payment is to be made. Alternatively, a similar email can be received from a known payee requesting a change in the usual bank details. In both cases the result, if acted on, will be a payment to the fraudster's account with almost no comeback on the funds.
The fraud relies on the email being accepted as genuine and on employees in the business accepting such emails without question. Most live in an age where emails are commonplace and there has previously been no real need to question them. Such apparent trust has seen a huge upturn in these frauds. In many cases the employee will reply to the email, and that reply of course goes directly to the fraudster rather than to the staff member anticipated.
Given this, the only way to deal with such emails is to assume in the first instance that they are all fraudulent, as a matter of course, and to ensure that verification is carried out only by using the email address or phone number already known. Under no circumstances should the confirmation be undertaken by replying to the email sender.
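Where a cloned email redirects replies by carrying a Reply-To address that differs from the visible sender, the mismatch can be flagged before anyone answers it. The following is an added example, not part of the original article: the header-based mechanism, the keyword list, the `triage` function and the example.com domains are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed wording list for payment or bank-detail requests; tune to your own mail.
PAYMENT_RE = re.compile(
    r"\b(bank details|account number|sort code|iban|make (a )?payment|transfer)\b", re.I)

def domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw, known_domains):
    """Return the reasons a message needs out-of-band verification before payment."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    text = (msg["Subject"] or "") + "\n" + str(msg.get_payload())
    reasons = []
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply goes to %s, not sender domain %s" % (reply_dom, from_dom))
    if from_dom not in known_domains:
        reasons.append("sender domain %s is not a known domain" % from_dom)
    if PAYMENT_RE.search(text):
        reasons.append("requests payment or a change of bank details")
    return reasons

# Constructed sample messages (example domains, not real mail).
CLONED = """From: "Jane Smith (CEO)" <jane.smith@example.com>
Reply-To: jane.smith@example-mail.net
To: accounts@example.com
Subject: Urgent supplier payment

Please make a payment today. New bank details: sort code 00-00-00.
"""
ROUTINE = """From: Jane Smith <jane.smith@example.com>
To: accounts@example.com
Subject: Team meeting

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for name, raw in (("cloned", CLONED), ("routine", ROUTINE)):
        print(name, triage(raw, {"example.com"}))
```

An empty result does not clear a message; every payment or bank-detail request still needs confirming through the email address or phone number already known.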