Part of what we do here at Wilson Computers is to keep up to date with scams and security risks so that we can continue to protect our clients. A threat that we are seeing more and more often has seen scammers walk away with millions of pounds from businesses in the Greater Belfast area.
Unfortunately, this scam can even cause problems for your business if one of your partners, clients or suppliers is susceptible.
There are a few variations of this scam but here’s how it normally works:
STEP 1 – Hacking an email account
The perpetrator will first obtain email login information. The way they often do this is via a convincing fake email asking the user to log in. Once the user has clicked on a link and entered their details, the scammer then has a compromised account. Here is an example from this week showing one of these phishing emails.
STEP 2 – Research
The scammer will then access the user’s emails to see what kind of responsibility the user has within their business and what dealings they have with other businesses. They will pay particular attention to any financial transactions that take place, and will note the style and language of the emails that the user sends and receives.
STEP 3 – The scam
Using the knowledge gained from their research they will craft emails that look authentic and convince the user or someone they do business with to transfer significant amounts of money into a bank account of their choosing. This can be achieved in several ways but there are two that we see attempted regularly. Firstly, the most common approach is when the scammer intercepts an existing transaction and asks for a different bank account to be used. Another less common method is when the scammer uses the email account of a senior figure within the business to ask someone less senior to transfer money to pay a bill that doesn’t exist.
The nature of this scam means that any business can be a target and it is often days or weeks before the fraud comes to light. The scammer will always tidy up after themselves and delete emails, both to avoid arousing suspicion and to make the fraud more difficult to investigate.
How to avoid being their next victim
There are several things your business can do to avoid being the next victim of this scam:
- Verify emails before you click on a link – by hovering over a link with your pointer you can see the URL that the link will bring you to. Does this look legitimate? If in doubt, forward to your I.T. company for verification.
- Increase your security – many phishing emails will get bounced by the email server or filtered into spam but sometimes they will get through. Speak to your I.T. company to see if there are additional security measures that can be deployed.
- ALWAYS verify bank transfers by phone – if you get asked to send money to a different account than usual or to someone new, speak to someone you know and trust to make sure those details are correct. The person who is held responsible for the loss may be the person who sent the money and didn’t carry out proper due diligence.
As with many scams, education is often the best defence. Hopefully this email has been useful and you now know how to avoid becoming a victim. If there is anything further that Wilson Computers can do to help, please let us know.