Industry experts are sounding the alarm over a rash of new fake email scams, directed toward the finance departments of businesses.
The scam works like this: an email goes to someone in a company’s finance department from the company’s finance director or CEO, demanding that the recipient make an urgent payment. The scammers are using software to make the email appear like it’s from the internal email server, so it looks genuine. The fake email tells the unsuspecting recipient that the unusual payment is needed to secure a new, important contract. When the scam works, the unsuspecting recipient makes the payment outside of normal procedures, directly via wire transfer to an account controlled by the scammers.
This type of scam is called “whaling.” The fraud targets senior executives at companies. And according to experts, the average haul for this type of scam is $5,000 to $10,000.
The fraudsters find contact information from publicly available sources, such as company websites, directories or social networking sites, and they’re also hacking into email systems to originate the requests directly from the target’s email server.
Here are some suggestions on how to avoid this and other types of fraud:
Confirm the request.
If you receive an unusual request via email, confirm the request is genuine by speaking with the requestor. Too often people never verify a request by phone or in person, and the scammers are counting on this. Email can be compromised, and it’s better to ensure the legitimacy of an unusual request rather than just honoring it. This type of diligence should be encouraged at all levels.
Stick to your process.
Procedures are in place for a reason, and they help prevent fraud. Deviations should raise red flags.
Know the sender.
If something looks off, if the language is suspect or the tone is questionable, there may be a legitimate reason, but it may be fraud as well.
If in doubt, do not click on links or attachments.
Unless it’s an attachment that you’re expecting, it’s better to verify rather than open a file that can cause greater havoc.
Be cautious.
Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organization.
Make sure that email passwords are strong.
Microsoft recommends the following:
At least eight characters long
Does not contain your user name, real name, or company name
Does not contain a complete word
Is significantly different from previous passwords
Contains characters from each of the following four categories:
Uppercase letters
Lowercase letters
Numbers
Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces, for example: ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /
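A checker for the password rules listed above, as an added example that is not part of the original article and is not Microsoft's code. The word list, the sample identity values used to call it, and the 0.6 similarity threshold for “significantly different” are assumptions.

```python
import string
from difflib import SequenceMatcher

# Symbols from the list above, plus the space character.
SYMBOLS = set("`~!@#$%^&*()_-+={}[]\\|:;\"'<>,.?/ ")
# Constructed sample word list (assumption); use a real dictionary in practice.
SAMPLE_WORDS = {"password", "welcome", "finance", "invoice", "payment", "summer"}


def check_password(password, identity, previous=(), words=SAMPLE_WORDS,
                   max_similarity=0.6):
    """Return a list of rule violations; an empty list means every rule passes.

    identity: user name, real name and company name strings.
    previous: earlier passwords in plain text (assumption: compared only at
    change time, when the user types the old password; never store them).
    max_similarity: assumed threshold for "significantly different".
    """
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")

    # Split names into tokens so "Dana Reyes" also catches "reyes".
    tokens = {t for name in identity for t in name.lower().split() if len(t) >= 3}
    if any(t in lowered for t in tokens):
        problems.append("contains user, real or company name")

    if any(w in lowered for w in words):
        problems.append("contains a complete word")

    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            problems.append("too similar to a previous password")
            break

    categories = {
        "uppercase letter": any(c in string.ascii_uppercase for c in password),
        "lowercase letter": any(c in string.ascii_lowercase for c in password),
        "number": any(c in string.digits for c in password),
        "symbol": any(c in SYMBOLS for c in password),
    }
    problems += [f"missing {name}" for name, ok in categories.items() if not ok]
    return problems
```

A password such as `Summer2024!` satisfies the length and four-category rules but is still rejected here because it contains a complete word.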
Criminals will do everything they can to make these types of whaling scams successful, and they count on people not looking beyond the request. An urgent request from someone’s boss may make these emails look real. Due diligence before a payment is released can help prevent an unrecoverable loss.