Tips and tricks to be cyber security aware
Nurturing a healthy cybersecurity culture means ongoing employee education, password change reminders and awareness campaigns.
As thousands of customers prepare to move their bank accounts over the coming months due to the exit of Ulster Bank and KBC from the Irish market, businesses should be on high alert for scams. With over 70,000 businesses due to move their accounts, there is a greater threat than ever of phishing attacks.
Phishing is a cyber-attack that everyone should understand in order to protect their personal data and the company they work for. It is an attempt by fraudsters to acquire sensitive information by sending fake communications, generally via email, that appear to be from a trustworthy source such as your financial institution, a known creditor or a utility company.
Fraudsters attempt to compromise all types of data sources, looking for personal information and credit card details for financial gain. More professional fraudsters send phishing emails in a bid to get other information, such as employee login details, system access and other sensitive information, which they can use in more malicious attacks against your business.
Phishing starts with a fraudulent email or other communication designed to trick people into clicking on a link in the email by claiming that they need to “update”, “verify” or “reactivate” their account, or that they can claim a refund. The link brings the victim to a bogus website (which may look like the genuine company’s website) where they are asked to key in financial or security information. Another variation of phishing is where the victim is asked to fill in a form attached to the email and to email it back. In recent years, phishing emails masquerading as communications from banks, card issuers, An Post, utility companies and other delivery companies have been common.
The emails often impart a sense of urgency, threatening that your account will be blocked, closed, deactivated or that you will suffer some other negative consequence, if you do not act immediately.
Other email fraud types to be highly alert to in the current environment include invoice redirection fraud and CEO fraud. Invoice redirection fraud involves a fraudster notifying your company that supplier payment details have changed and providing alternative details in order to defraud you. The fraudster could claim to be from your company's genuine supplier, or even pose as a member of your own firm. With so many businesses now legitimately changing their account details, criminals have the perfect opportunity to take advantage.
Already this year FraudSMART members have seen over 100 cases of invoice fraud, with businesses suffering an average loss of €14k and losses ranging up to €50k. This is a fraud type that all employees should be educated on and on high alert for over the coming months.
Key advice for business to prevent fraud
- Ensure employees are fraud aware and understand the controls and procedures in place to prevent fraud. Regular training, rather than once-off annual training, is required.
- Be wary of payment requests that are unexpected, irregular or require changes to bank account details, whatever the amount involved.
- Have a verification process in place before changing saved bank account details. Pick up the phone and contact the sender using known contact details. Do not use contact details from the communication requesting the change as they could be fraudulent.
- Fraudsters can change an email address to make it look like it has come from someone you email regularly.
- Fraudsters may already have basic information about you or your business in their possession (e.g., name, address, account details). Do not assume a caller or an email is genuine because they have these details.
- Always exercise caution when forming new relationships with potential customers and undertake appropriate due diligence.
- Ensure security and software are regularly updated and maintained, using official and reliable software.
Overall, the key message is to take your time, never click on links in emails, and verify any communication using contact details you have on file or via a website directly.
FraudSMART has developed a brochure, ‘Protect Your Business from Fraud’, aimed specifically at the business community. This brochure is available to download from the FraudSMART website.