Avoiding Cyber Scams and Fraudulent Funds Transfers
Fraudulent Electronic Funds Transfers (EFTs) frequently cause large dollar losses. If a hacker gains control of the email of a business and of one of its suppliers (commonly referred to as a "man in the middle" attack), and then sends a fraudulent payment request that mimics previous legitimate requests, it is very difficult for the business to identify the request as illegitimate.
Any requests for funds to be transferred to a bank account unfamiliar to you should be a red flag, especially if that account is in another country.
If a business has a protocol with suppliers for payment requests to be made via email, then establish and follow procedures to confirm each request through a channel other than email, and only proceed with an EFT after confirming the request is legitimate. This includes, but is not limited to, confirming the dollar amount, the name of the financial institution and the bank account number. To validate the request further, confirm information known only to the supplier (to which a hacker would not know the answer).
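The checks above can be made routine by comparing every emailed payment request against the supplier details already on file, so that any change in bank, account number, country or amount is surfaced before anyone picks up the phone. The following is an added example, not code from the original page; the supplier master record, the request fields, the home country and the amount threshold are all constructed assumptions. The out-of-band confirmation itself (a call to a known contact, a question only the supplier can answer) remains a human step; the script only tells the clerk what must be confirmed and why.

```python
"""Screen an emailed payment request against the supplier record on file.

Added example (not from the original page). The supplier master, the
request format, HOME_COUNTRY and the amount threshold are constructed
assumptions. The sender's email address is deliberately NOT used as
evidence: in the scenario described, the attacker controls that mailbox.
"""
from dataclasses import dataclass


@dataclass
class SupplierRecord:
    name: str
    bank_name: str
    account_number: str
    bank_country: str          # ISO country code of the bank on file
    typical_max_amount: float  # largest routine payment seen for this supplier


@dataclass
class PaymentRequest:
    supplier: str
    amount: float
    bank_name: str
    account_number: str
    bank_country: str


# Constructed sample supplier master (assumed, not real data).
SUPPLIER_MASTER = {
    "acme supplies": SupplierRecord(
        name="Acme Supplies",
        bank_name="First Example Bank",
        account_number="12345678",
        bank_country="AU",
        typical_max_amount=20000.0,
    ),
}

HOME_COUNTRY = "AU"  # assumed home country of the paying business


def screen_request(req: PaymentRequest, master=SUPPLIER_MASTER) -> list[str]:
    """Return the reasons this request must be confirmed out-of-band, in the
    order a clerk should check them. An empty list means the request matches
    the record on file; it still goes through the normal approval process."""
    reasons = []
    rec = master.get(req.supplier.strip().lower())
    if rec is None:
        # Unknown supplier: no record to compare against, so nothing is paid
        # until the supplier has been onboarded and verified by phone.
        return ["supplier not in master record: onboard and verify before any EFT"]
    if req.account_number.strip() != rec.account_number:
        reasons.append("account number differs from record on file")
    if req.bank_name.strip().lower() != rec.bank_name.lower():
        reasons.append("bank name differs from record on file")
    if req.bank_country != rec.bank_country:
        reasons.append(f"bank country changed {rec.bank_country} -> {req.bank_country}")
    if req.bank_country != HOME_COUNTRY:
        reasons.append("destination account is overseas")
    if req.amount > rec.typical_max_amount:
        reasons.append("amount exceeds typical maximum for this supplier")
    return reasons


if __name__ == "__main__":
    # Constructed request in which the "supplier" asks for a new overseas account.
    changed = PaymentRequest("Acme Supplies", 18500.0, "Other Bank", "99887766", "NZ")
    for reason in screen_request(changed):
        print("CONFIRM BY PHONE:", reason)
```

A request that matches the record on every field returns no reasons; any returned reason blocks the EFT until a person has confirmed the details with the supplier through a channel other than email.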
Practical loss prevention tips to minimise potential fraudulent cyber EFT exposure include:
- Slow down and take the necessary time to validate suspicious or unexpected emails. Do not click a link, pop-up or attachment without first hovering over the link to display the URL and assess its legitimacy.
- Establish written protocols for dealing with EFT payments. Verbally confirm EFTs with suppliers to minimise risk.
Basic best practice measures to reduce cyber attack risk should also include:
- Ensure all software has the latest security patches to help protect against malware, viruses and hacker attacks;
- Frequently back up all important data and information offline and verify your backups. Regular offline backups reduce the likelihood that critical data is lost in the event of a cyber attack. Keep your backups in a remote or external location where they are safe from ransomware, which seeks out backup copies to encrypt them as well;
- Change and strengthen passwords frequently and make sure employees use different passwords on different applications;
- Use multi-factor authentication to add an extra layer of security to help prevent a hack, especially when employees work remotely;
- Maintain strong work-from-home cyber hygiene. Reinforce with employees the cyber protocols to be followed when working remotely;
- Remind all employees of the importance of powering down computers when not in use. Computers are not accessible to attacks or intrusions when powered off.
