Simple, Effective Tips That Work
By Mary Francis
Cyber crime is nothing new. Every day, there are new reports of corporate systems being hacked. The truth is that any company can be a target.
By now, companies are familiar with the system components that can reduce the likelihood of fraud introduced by malicious software (malware). Make sure to update operating system patches, install and update anti-virus and anti-malware software, and use pop-up blockers in your web browser. These are all important factors in protecting your company’s assets.
But even if you take these steps to protect your company, malware can be introduced by employees accessing infected websites, clicking on links contained in phishing or spoofing emails, or by opening an infected email. Here’s a fact that should scare us all: a recent study concluded that sending phishing emails to just 10 employees will get hackers inside a company’s computer system 90% of the time.
Remind your employees to be alert to phishing and spoofing attempts, and never click on links in unsolicited emails.
As online banking security becomes more sophisticated, fraudsters are increasingly relying on social engineering as a way to steal funds. Simply put, they are gaining access by tricking company employees.
A new fraud trend is “Imposter Fraud.” The fraudsters impersonate a corporate executive or a vendor, and request that the company send a wire transfer directly, bypassing security controls.
- With executive imposter fraud, the fraudster masquerades as an executive and sends an email to a subordinate asking them to send a wire transfer to pay a new vendor or an outstanding invoice.
- With vendor imposter fraud, the fraudster claims to be a vendor and sends a request via email, phone, fax or mail indicating that their company’s bank account information and/or payment terms are being updated, and politely asks for immediate account changes and a payment.
In both cases, fraudsters are counting on no one questioning their transaction requests, or, if they are questioned, on the questions being directed to the person making the request rather than through separate channels.
The best defense against executive imposter fraud is for your company to implement corporate policies and procedures that provide clear instructions regarding who is authorized to initiate payment requests and the process for doing so. Non-complying payments aren’t processed. Also, allow accounting staff to verify payments requested by executives, particularly if they are unusual in any way.
The best defense against all imposter fraud is for all employees to verify the request’s authenticity by calling or emailing a trusted supervisor or executive using contact information they already possess, not the contact information provided in the request. Dual control (one person initiates an outgoing funds transfer and a second person approves/transmits the request) is another excellent tool to protect against fraudulent activity.
Finally, talk to your banker about the fraud protection services your bank offers. Positive Pay and ACH Blocks/Filters are tools that can be used to protect your accounts from check fraud and unauthorized ACH debit activity. Using email event alerts for specific types of transactions or events (such as a wire waiting for approval) is also a way to ensure that you’re notified about unusual activity on your accounts.
Cyber crime is not going away. Falling computer hardware prices increase the pool of people who will use cyber theft to harm a company’s reputation and steal capital. You do not have to sit and wait for an attack.
Stay informed, install and regularly update the necessary security software, and be proactive with training and communication to your employees and business partners about the growing threats. Do your proper due diligence, and you will be prepared.
Mary Francis is a Senior Vice President and Cash Management Director for HomeStreet Bank.