Author: Fundamental Advisory and Consulting, LLC
Everyone loves three-day weekends, especially when there’s a big holiday involved.
Those quiet afternoon hours before the big weekend can be a chance to catch up on work with no meetings and no distractions.
Until there is that one distraction, however. Just an overdue payment that needs to go out before the big weekend, and of course nobody else is still around to handle it. The CEO forwarded it, said it was urgent, and even went so far as to provide all the account information needed to process the payment.
Only a few keystrokes and it’s taken care of. All part of the job, and who doesn’t like being the hero of the day, especially when it’s the CEO making the request?
The strange thing is that upon returning to the office after the weekend, nobody seems to care. Nobody even knows about the urgent payment request – not even the CEO who supposedly sent it.
This is just one of many ways that wire fraud can play out.
Preventing wire fraud and other types of cybercrime is something that everyone is responsible for, but organizations need to equip their people for success. In this scenario, the point of failure occurred long before the long weekend.
What are some steps you can take?
- If you receive an email, confirm the details against a trusted source of information, even going so far as to place a phone call in response. Be sure that you’re using a trusted source of information for the phone number as well, not the one that’s posted on the email you received. A trusted source of information could be lots of different things - a contract, or contact record in your system, a past invoice or bill, or simply go to their website for contact information.
- When something is urgent, people have a tendency to move quickly to resolve the issue. It’s great service, but it also can cause you to let your guard down. Treat urgency as a sign to pay more attention to what is going on. Give things a second and third look before acting.
- Requests for secrecy or anything that starts to make you feel like you’re in a spy movie should make you say double-0 “No!”
- If the request contains misspellings, bad grammar, missing punctuation, or awkward wording, be sure to verify the request. It’s your opportunity to either stop fraud in its tracks or passive-aggressively criticize your coworkers’ attention to detail.
- Treat every email address and link as something that should be examined. Make sure that domain names are correct, and don’t forget that the name right before the .com or other extension is what you need to really pay attention to.
- Invest in cybersecurity software to help prevent some attempts from even reaching someone’s inbox.
- Make sure that your organization is properly insured for losses due to these types of crime. Insurance companies want to reduce the amount of claims they are obligated to pay, and can help with preventative measures.
Take the time to consider your own policies and procedures to make sure you have the right controls in place. Learn to identify the signs of phishing (and spear phishing) attempts, business email compromise scams and other activities that can lead to fraud. With the right preparation you can be sure that the long weekend is something that you can look forward to.