How does phishing affect businesses?
Imagine you’re on the finance team for a mid-sized business, with regular duties that include accounts payable. Your boss sends an email instructing you to pay Client XYZ today and includes full wiring instructions, details of what the payment is for, and so on. What do you do?
You might send that wire with no questions asked.
Problem is, the situation described above is becoming increasingly common, as Shark Tank’s Barbara Corcoran discovered recently:
“This morning I wired $388,000 into a false bank account in Asia,” the real estate mogul tweeted a couple of weeks ago. Here’s what happened:
Corcoran’s bookkeeper Christina received what appeared to be a routine invoice from Corcoran’s assistant Emily to approve a $388,700.11 payment to a German company called FFH Concept.
The bookkeeper replied asking, “What is this? Need to know what account to pay out of,” and the cybercriminal posing as Emily was able to give a credible, detailed response that FFH was designing German apartment units that Corcoran had invested in. Corcoran does invest in real estate, and FFH is a real company in Germany. (full article)
Poof! Money gone.
Now, in this case, there’s a happy ending, as you may have read a few days later: Corcoran Gets Her $400k Back
That said, such positive outcomes are rare – usually, the funds are not recoverable. Indeed, are you confident you can put the kind of pressure on a bank that Barbara Corcoran can?
And don’t just shrug your shoulders and decide it won’t happen to you. Hackers target smaller businesses precisely because their security is less sophisticated. Plus, scams like these are pretty slick, as she explains:
“I lost the $388,700 as a result of a fake email chain sent to my company,” Corcoran told the outlet. “It was an invoice supposedly sent by my assistant to my bookkeeper approving the payment for a real estate renovation. There was no reason to be suspicious as I invest in a lot of real estate.”
How can you avoid such pitfalls?
First, better practices: have a process in place for confirming such requests with your team, usually by a live phone call. It’s time well spent.
Further, train your team to be better at spotting such phishing scams – in this case, there was a missing ‘O’ in the sender’s email address which should have provided the clue.
The best news is this: anti-phishing employee training from Cynexlink is very affordable and provides incredible bang for the buck.
Click here to learn more about the valuable service and don’t get caught off guard – it can happen to anyone!