Recently we have seen what appears to have been an explosion in the fraudulent use of emails and, due to this apparent epidemic; I wanted to draw everyone’s attention to this potentially hugely costly attack on businesses.
Fraudsters have been cloning emails for some while now however, the number of attacks seem to be escalating and most employees appear oblivious to this threat resulting in cloned emails requesting payment or changing payment details being taken at face value and payments being made to the fraudster’s bank account and the funds lost.
The basic fraud is when an email is sent purporting to come from a member of staff, usually a senior member of management, with the sent email address appearing to be valid instructing a payment to be made and supplying the relevant bank account details to which the payment is to be made. Alternatively, a similar email can be received from a known payee requesting a change in the usual bank details. In both cases the result, if acted on, will be a payment to the fraudster’s account with almost no come back on the funds.
The fraud relies on the email being accepted as genuine and that the employees in the business will accept such emails without question, most live in an age where emails are commonplace and there has previously been no real need to question them. Such apparent trust has seen a huge upturn in these frauds, in many cases the employee will reply to the email sent which of course replies directly to the fraudster rather than the staff member anticipated.
Given this, the only way is to deal with all such emails is to assume they are all fraudulent as a matter of course in the first instance and ensure that the verification is confirmed only by using the email or phone number known. Under no circumstances should the confirmation be undertaken by response to the email sender.
This may be seen as cumbersome however, to protect the company’s cash and assets; it is essential that everyone is aware of the current threats and take the necessary steps to confirm any such instructions. So far, the most commonplace frauds relate to payments and changes in payment details however of course any confidential information could also allow fraudsters to enact further frauds so it is not possible to cover every eventuality but make everyone aware of the threats currently ‘out there’.
If in doubt ALWAYS check it out!
Article written by Estelle Hardwick