Industry experts are sounding the alarm over a rash of new fake email scams, directed toward the finance departments of businesses.
The scam works like this: an email goes to someone in a company’s finance department from the company’s finance director or CEO, demanding that the recipient make an urgent payment. The scammers are using software to make the email appear like it’s from the internal email server, so it looks genuine. The fake email tells the unsuspecting recipient that the unusual payment is needed to secure a new, important contract. When the scam works, the unsuspecting recipient makes the payment outside of normal procedures, directly via wire transfer to an account controlled by the scammers.
This type of scams is called “whaling.” The fraud targets senior executives at companies. And according to experts, the average haul for this type of scam is $5,000 to $10,000.
The fraudsters find contact information form publically available sources, such as company websites, directories or social networking sites, and they’re also hacking into email systems to originate the requests directly from the target’s email server.
Here are some suggestions on how to avoid this and other types of fraud:
-
Confirm the request.
If you receive an unusual request via email, confirm the request is genuine by speaking with the requestor. Too often people never verify a request via phone or in-person, and the scammers are counting on this. Email can be compromised, and it’s better to ensure the legitimacy of an unusual request rather than just honoring it. This type of diligence should be encouraged at all levels.
-
Stick to your process.
Procedures are in place for a reason, and help prevent fraud. Deviations should cause red flags.
-
Know the sender.
If something looks off, if the language is suspect or the tone is questionable, there may be a legitimate reason, but it may be fraud as well.
-
If in doubt, do not click on links or attachments.
Unless it’s an attachment that you’re expecting, it better to verify rather than open a file that can cause greater havoc.
-
Be cautious.
Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organization.
-
Make sure that email password are strong.
Microsoft recommends the following:
-
- At least eight characters long
- Does not contain your user name, real name, or company name
- Does not contain a complete word
- Is significantly different from previous passwords
- Contains characters from each of the following four categories:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces, for example` ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] \ | : ; ” ‘ < > , . ? /
Criminals will do everything they can to make these type of whaling scams successful, and they count on people not looking beyond the request. An urgent request from someone’s boss may make these emails look real. Due diligence before a payment is released can help prevent an unrecoverable loss.
RESOURCE CENTER
Learn More About Business
Accounts Receivable Financing: Boost Cash Flow and Business Growth
What is Accounts Receivable Financing? Accounts Receivable Financing is an alternative financing option for businesses seeking fast cash. Businesses sell…
Federal Reserve Expects Only One Rate Cut in 2024
The Federal Reserve officials indicated a reduction in their benchmark interest rate just once this year, down from their previous…
Bank Turn-Downs
Accounts Receivable Factoring Solutions for Cash-Flow Problems