Don’t fall for this scam – you could lose thousands
You arrive back into the office after having a lovely few weeks away, not having had anything to think about other than how often to apply sun cream.
There don’t seem to be any immediate problems, so after saying hello to everyone you make yourself a lovely coffee, sit down at your desk, and open the business bank account to have a quick check. Very quickly, a payment for 6.6k to a supplier you’ve never heard of, catches your eye.
You make a quick phone call to Shaun in accounts, and what he says sends shivers down your spine.
‘Yeah that’s what you asked me to pay last week. Something seemed off, but I still transferred the money as you said it was urgent.’
This is a real thing, and can be conducted a couple of ways:
Firstly, they may have gained access to your email account and be playing the long game, waiting for you to be going off on holiday so they can make their move on poor, unsuspecting Shaun (who is probably feeling both mortified, and devastated). In this scenario, they can watch and learn how the boss likes to communicate, and eventually send an email pretending to be them, asking for a sum of money to be transferred. They usually claim the payment is urgent, to scare the member of staff into paying it.
Secondly, and this is less sophisticated, hackers can do this using email spoofing. They can simply spoof an email address, making it look like the email is coming from a trustworthy source.
There are a few different ways you can stop this from happening, but they all boil down to either technology to improve security, staff training, or implementing a process (whenever anyone emails asking for the transfer of funds, you pick up the phone and call the sender to double check that it’s a legitimate request). Preferably, you need a mixture of all three.
We can help with implementing this, helping businesses protect themselves from cybercrime is one of the things we do best – please get in touch. Just give us a call on 01373 768024 or send your query to firstname.lastname@example.org