As the Wall Street Journal noted yesterday, banks are being deluged with phishing attacks. These attacks are especially fierce around the holiday season, when more personnel are absent and normal procedures are ignored or bypassed. The FBI and other law enforcement agencies are focused on these attacks, but it only takes one employee to “believe” a phishing email for the trouble to start.
This is the time of year when we think of giving to others, but those gifts should not be to scam artists. So remind those you care about (and who handle wire transfers) to:
- Verify changes in vendor payment location and confirm requests for transfer of funds.
- Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked.
- Be careful when posting financial and personnel information to social media and company websites.
- Be suspicious of requests for secrecy or pressure to take action quickly.
- Know the habits of your customers, including the reason, detail, and amount of payments.
- Beware of and verify any significant changes.
And for New Year’s resolutions:
- Consider adopting financial security procedures that include a two-step verification process for wire transfer payments.
- Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com.
- Register all Internet domains that are slightly different than the actual company domain.