This is the time of year when we should all be preparing to wind down, make plans for the Christmas vacations, and spend time with our families and friends. It's time to have fun and laughter, and to buy our loved ones something special, be it big or small ...
When we are distracted by work and leisure activities it becomes especially easy to lose potentially thousands of pounds of cash from our bank accounts, never to be seen again in some instances.
Whilst consumers are very much at risk, those scammers targeting businesses by impersonating the Managing Director, Finance Director or any other higher-ranking position send spoof emails to pay a supplier by providing a bogus invoice and bank details to lower-ranking colleagues in the accounts or payments departments. They wouldn't think twice about acting upon 'official' instructions.
One case I know of personally is where the MD's emails and calendar had been hacked so the scammer knew that he was onboard a plane. The lady in accounts, knowing the MD was going on holiday then got caught by the rogue email asking for an urgent payment to be made and lost £20K in the process.
One quick phone call to double-check details would have stopped this mistake. The MD did not have a habit of making such requests by email so should have been a red flag!
And it can be as simple as receiving an email from Royal Mail claiming postage is owed. One of my business friends, someone who has been in the IT industry for over 30 years and deals with security every day, fell for this one by expecting lots of presents to arrive and not thinking when she clicked the link to pay for the postage on an item.
She wasn't very happy in the new year when her bank account was being drained, but locked her card as soon as she noticed transactions going out. Thankfully her bank gave her the money back after a short investigation into the known scammers. Lesson learned there, even for an IT professional.
So do you conduct internal email tests with false details to see how many responses you receive? If you have an internal IT department or an outsourced IT supplier, ask them to conduct quarterly testing and make that the basis of staff training on how to spot rogue and spoof emails.
All employees should treat company money as their own, if not at least to protect pay rises and the risk of losing jobs if the business goes under due to being scammed and losing thousands of pounds in cyber theft.
Businesses also need to look into cyber insurance. It is a necessary expense in this day and age, but one that can potentially save the business from going under!
More to the point in terms of technology, it is vital to have email security in place. In short, it's where emails pass through an Artificial Intelligence (AI) based email cleaner before arriving in your Inbox. Mail is scanned and quarantined with only legitimate emails being forwarded to the recipient.
Having used this system myself (at a very affordable price per email account), more than 90% of all junk emails are stopped at source. This is not the same as having a 'junk' folder in Outlook as this is already 'delivered' to your Inbox.
Get your IT department/supplier to look at email security in more detail or call me at BTS (UK).
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.