Watch out for email payment requests
This afternoon we’ve just had a Customer that has been targeted using the “CEO Fraud” technique. Luckily for them they didn’t make the payment but they could have lost £9,400 today!
What is the “CEO fraud”?
An email claiming to be from the “CEO” / Owner of the business is sent to a member of staff in the accounts department asking for a payment to be made. The bank transfer is made only to find out later that it wasn’t the “CEO” / Owner who was actually replying to the emails. When the bank is contacted it’s too late to stop the bank transfer and the money has gone.
The emails will typically come in at a busy period such as lunch time or the end of the day. The times when you are least on your guard and want to get out of the office.
So how do you defend against this?
- It’s all about educating the Users in the whole of the business about this type of fraud. Anything suspicious should be reported and checked out.
- Ensure that you have robust systems in place to make sure that payment requests are verified. This could be as simple as making sure that there is a phone call between the person making the payment request and the person who will actually make the payment. If this is not viable for your business, send a new email to the person making the request. Do not use the existing email chain as the email address can be faked.
- Look out for spelling mistakes and grammatical errors. Especially check out the email address for letters that have been replaced with numbers or letters swapped round. If in doubt check it out! It’s far better to be cautious than to make a payment that turns out to be fraud.
- The banks will probably not refund the money as you’ve made the payment! Can you afford to lose your hard earned money?
- Do you have systems in place to limit your exposure to other threats such as the likes of Ransomware?
- Do you have insurance policies to protect the business if you get caught out?
If you want to know more about what Amshire can do to help you before you fall victim to this new wave of Cyber threats please contact us.