
Haylor Risk Management Blog

Cyber Criminals Spear Phishing Your Money!

Posted by Gia Diep on Apr 5, 2022 1:05:03 PM

A growing number of businesses, organizations and individuals are falling victim to internet fraud in which they are tricked into directing payments to a cyber-criminal. What can you do to protect your business?


In the world of cyber fraud, this is a type of social engineering. The goal of the cyber-criminal is to convince you that they are a legitimate vendor looking for payment of an outstanding invoice. They may even know the amount of the invoice because they have breached either your email system or your vendor’s, and they have been watching. That is how they know who normally sends the invoice, who receives and pays the invoice, how much is due, and when invoices are normally paid. Sometimes they will send an email from your vendor’s email system, or they may make up an email address that is very close to your vendor’s email. Remember, the goal is to convince you that they are your vendor seeking payment.

The criminal will request a change in payment method or include different payment instructions. They may request that checks be sent to a different address or made out to a different name. More often, they may request that payment be sent via wire transfer when that is not normally done, or to a different account number. These red flags should alert you that something could be wrong.

Another form of this fraud targets payroll.  Criminals will send an email appearing to be from an employee directing the HR Administrator to change the account number of their direct deposit.  The email appears to be coming from an employee advising of a change in their bank.  You may be inadvertently paying a criminal until your employee notices that they have not been paid. 


The good news is that you can avoid being scammed by employing simple best practices:

  • Compare the email address against legitimate emails from your vendor or employees. If the address is different or the domain is off, then it’s fake.
  • Scrutinize any requests to change the form of payment or account numbers. Any change from normal is a red flag. 
  • Call to verify the change request. Call your vendor or your employee to make sure that they requested this change.  Do not use email.  The criminal may have access to the other party’s email. 
  • Do not call the contact number listed on the invoice or the email. That phone number could be the criminal’s. Call your vendor or employee using numbers you have on file.
  • Talk to your usual contact at the vendor and ask them if they made any requests to change the payment method and ask them to give you the information over the phone.
  • Ask your employee if they requested a change to their direct deposit information and ask them to give you the new bank information over the phone so you can verify the number.   
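The first check in the list, comparing a sender's address with the ones you have on file, can be automated for incoming invoices. The sketch below is an added example, not part of the original post; the vendor addresses, the `.example` domains and the two-character similarity threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: addresses already on file for real vendors.
KNOWN_SENDERS = {
    "billing@acme-supplies.example",
    "ap@northwind-freight.example",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known=KNOWN_SENDERS, max_distance=2) -> str:
    """Classify a From header against the addresses on file.

    known            - exact address on file
    new_address      - vendor's real domain, but a mailbox not on file
    lookalike_domain - domain within max_distance edits of a vendor domain
    unknown          - no relation to any address on file
    """
    _, addr = parseaddr(from_header)   # drops the display name
    addr = addr.strip().lower()
    if "@" not in addr:
        return "unknown"
    if addr in known:
        return "known"
    domain = addr.rsplit("@", 1)[1]
    known_domains = {k.rsplit("@", 1)[1] for k in known}
    if domain in known_domains:
        return "new_address"
    if any(edit_distance(domain, d) <= max_distance for d in known_domains):
        return "lookalike_domain"
    return "unknown"
```

A `known` result only means the address matches what is on file. A payment or account change still needs the phone verification described above, because the criminal may be sending from the vendor's real mailbox.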

The best line of defense is to call and talk to your vendors or employees to avoid falling victim. Otherwise, you may be giving away your money to a cyber-criminal. Once that payment is made, chances of recovering the money are slim.

For more information regarding how you can best protect your business and the importance of Cyber Insurance Coverage, please contact us at 800-289-1501 or check out our website at www.haylor.com


Topics: Breach, Cyber, Ransomware, Hacking, Spear Phishing