The number of staff being targeted with fake email messages from cyber criminals has risen over the last few weeks, according to the Financial Fraud Action UK (FFA UK).
The FFA UK are warning businesses about the rise in this type of scam, which experts have dubbed “whaling” fraud because it targets the big fish at companies, reports the BBC.
A number of companies have been targeted by this scam, including US tech company Ubiquiti Networks, which lost $47m as a result. Several small to medium-sized UK companies have also lost between £10,000 and £20,000 at the hands of the attackers.
According to the FFA UK, the scam involves sending an email requesting an urgent payment to a member of staff in a company’s finance department, from the finance director or CEO’s email address. Fraudsters are able to replicate the email address using software which manipulates the characteristics of an email, so that it appears to be genuine and appears in the recipient’s inbox.
According to the FFA UK, the reason given for making the payment outside of normal procedures is the need to secure an important contract. However, the account given for the payment is controlled by the fraudster and, once sent, the payment is quickly removed.
The criminals are gaining information about the names of senior staff at the target companies from publicly available information and are also hacking the genuine emails of senior staff and using these to send out the scam emails.
According to the BBC, security company Centrify avoided falling victim to the scam by chance when the finance staff member bumped into the senior manager named in the fake email and mentioned that a wire transfer was being prepared for them.
The FFA gives the following advice on avoiding this scam:
• Always check any unusual payment requests directly, ideally in person or by telephone, to confirm the instruction is genuine. Do not use contact details from the email.
• Establish a documented internal process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process.
• Be cautious about any unexpected emails which request urgent bank transfers, even if the message appears to have originated from someone from your own organisation.
• Ensure email passwords are robust.
• Consider whether the email contains unusual language or is written in a different style to other emails from the sender.
Katy Worobec, Director of FFA UK, says that businesses need to be alert to this scam and make extra face-to-face checks before making payment. “Fraudsters will do all they can to make these scam emails look genuine, so it’s important for businesses to be alert. While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam. That’s why it’s vital that finance teams carefully check any unusual demands for payment through an alternative method, such as over the phone or face to face, before making the payment.”