Imposter steals two million dollars from local Charlotte suburb
In a local suburb of Charlotte, Cabarrus County is dealing with more than $2 million in funds missing that intended for a new school construction project. A hacker, posing as the construction company for the project, sent a fake notice to the county requesting a change in bank account where the funds should be routed to and it was done.
Although there is a lot of focus about the intricate security hacks occurring, the more frequent attacks are much less sophisticated with hackers posing as a false identity to coerce someone to do something you want.
How can I prevent this from happening in my business or organization?
Create a series of checks & balances around sensitive processes such as Vendor Setup, A/R, A/P, Treasury, etc. This includes multiple levels of documented approvals for transactions that are deemed critical (i.e. over a certain dollar amount). Even if you are the president of the company, make sure you do not bypass these processes for the sake of convenience. Even though it might be a pain in the a$$, it can save you in the long run.
Educate, educate and educate some more. Make sure your employees are trained to look at the email address of the sender and double check that it looks real. Many times the imposters will change the domain name (the part of the email after @) to be very close to what the actual domain is for the company. See #4 for automated ways to approach this.
Enforce multiple ways of authentication. Just like a bank makes you confirm your childhood best friend (who you can never remember), set up your vendors with a multi authentication process to confirm who they are.
Make sure that you do have some sort of email security tool in use for your organization. Many times, these types of imposter emails can be flagged before anything bad can ever happen. If you have an IT department, make sure they have this implemented. If you are in IT, make sure you have the right rules set up for your email security.
Set up time with Opkalla today if you would like to implement better security processes in your organization today.