October is Cybersecurity Awareness Month.
At D.E. Web Works, we aren't just an MSP. We see ourselves as your proactive cybersecurity partner, here to provide solutions to help you avoid costly issues and downtime.
This week we're highlighting a rapidly growing scam we are seeing.
What would you do if you received an email from your CEO or CFO asking you to make an immediate or urgent wire transfer of funds? Or what if you received an email from an employee asking you to change the bank account where their earnings are usually direct deposited?
If you are the person in your organization who is responsible for such tasks and receive requests like this regularly, you may not think twice. However, with the increased sophistication of hackers and cybercriminals, you must Stop, Look, and Think before deciding how to proceed.
Business Email Compromise is an advanced form of spear-phishing that targets employees of businesses that routinely perform wire transfer payments or work with payroll. This form of cybercrime is steadily on the rise, and companies are losing thousands, even millions, of dollars instantly because of a spoofed or compromised email address.
The image above is an example of a recent spear-phishing email one of our clients received, in which they were prompted to change the bank account information on file for an employee.
> How It Happens:
The scammers target the email accounts of business executives or employees. They either gain actual access to those individuals’ email accounts through a targeted phishing attack and wait for the perfect time to take over, such as when those employees go on vacation or leave for a business trip, or they simply spoof the email address and change where a reply to the email is sent. This is called header manipulation. Then they email an employee in the organization who may be responsible for making wire transfers or handling funds, asking them to process a transaction.
> Here are some things to look at when you receive any requests to transfer or wire funds or change bank accounts:
- Look closely to verify the email address when you receive a wire transfer or monetary transaction request. Check for any spelling errors or missing letters.
- Call the person who is requesting the transfer directly to verify that the request is legitimate, or follow your corporate verification procedures carefully.
- If you think a request is suspicious in any way, trust your instincts and inform management or IT immediately.
- Look at the real email address before replying to the message.
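The address checks in the list above can also be run automatically on a message's headers. The following Python example is added here and is not part of the original post; the domain `example.com`, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example.com"  # assumption: your organization's real mail domain

def domain_of(header_value):
    """Return the lowercase domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance: counts added, missing or substituted letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_warnings(raw_message, trusted=TRUSTED_DOMAIN):
    """List the reasons a message deserves a phone call before anyone acts on it."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])  # empty string when the header is absent
    warnings = []
    # Header manipulation: the reply would go somewhere other than the visible sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies go to {reply_dom}, not {from_dom}")
    # Spelling errors or missing letters: a domain that almost matches the trusted one.
    for dom in sorted({from_dom, reply_dom} - {"", trusted}):
        if edit_distance(dom, trusted) <= 2:
            warnings.append(f"{dom} is a near-miss of {trusted}")
    return warnings

# Constructed sample: From shows the real domain, Reply-To drops one letter.
SAMPLE = """\
From: "Pat Example (CEO)" <pat@example.com>
Reply-To: "Pat Example (CEO)" <pat@exampe.com>
To: payroll@example.com
Subject: Update my direct deposit today

Please change my bank account before this pay run.
"""

if __name__ == "__main__":
    for warning in bec_warnings(SAMPLE):
        print("WARNING:", warning)
```

A clean result only means these two checks passed; a request sent from a genuinely compromised mailbox has correct headers, which is why the phone call in the list above still matters.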
> To prevent YOUR email from being the one that is compromised:
- Never provide your security or account credentials to anyone.
- Do not click on any links or open attachments in emails you receive, unless you are absolutely positive they are safe and from a legitimate sender.
Did you know that Comprehensive Cybersecurity Training is included in ALL Managed IT Service Plans?
Our interactive training modules can be done at your own pace, and in your own space, and are packed full of information presented in an entertaining and engaging way!
Our customized cybersecurity learning program is comprised of videos, quizzes, and games that will educate you and your team on the latest tactics criminals are using to try and steal your data.
President/CEO, D.E. Web Works