Is Spear Phishing Going To Get Yours?


Whaling fraud, also called spear phishing, is the latest craze for fraudsters. Simply put, it’s phishing’s bigger, badder cousin.

Aimed at large companies and dedicated to stealing larger sums from your business, it’s a cute name for a serious fraud. According to Financial Fraud Action UK (FFA UK), there has been an increase in whaling fraud during the last few weeks.

“Office staff are being warned about fake emails that appear to come from one of their bosses, telling them to transfer money.” BBC.com


How it Works

  • The person responsible for actioning payments will often receive an email from what appears to be someone in senior management.
  • These emails are made to appear genuine through the use of special software and hacking tools.
  • Fraudsters will often create a sense of urgency by using terms like: “You are the only one I can trust with this.”, “We will lose this contract if you don’t act fast.” or it could even include the promise of a possible raise or promotion.
  • The funds are directed to an account controlled by the fraudster and are quickly withdrawn shortly after payment is made.

How to Prevent it

  • It is not good policy to accept and act upon requests for payment by email. Ideally, companies should implement systems and controls that handle all purchases and their approvals. Be suspicious of any purchase requests that don’t comply with your company’s policies.
  • If you insist on doing purchase approvals by email, all payment requests should be confirmed in person or by phone.
  • Be cautious of purchases labelled as urgent or top security.
  • Email passwords should be strong. A good password will be at least 10 characters long, preferably combine several words instead of one obvious word, and include letters, caps and special characters.
  • Most importantly, look at how the email is composed. Is this the type of language your boss uses on email? Is this the style of writing your boss uses? Look at how the name is signed and compare the message to ones that you have received before. Does it seem legit to you?
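The warning signs described above (a senior manager's name on the message, urgency wording, a request to move money) can also be checked by a mail filter before the message reaches the finance team. The following Python sketch is an added example, not part of the original article; the company domain, executive name, phrase lists and both sample messages are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical values for illustration; replace with your own.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane smith"}
URGENCY = ("only one i can trust", "act fast", "urgent", "top security")
PAYMENT = ("transfer", "payment", "invoice", "bank account")
# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Smith <jane.smith@example-corp.net>
Reply-To: j.smith@mailbox.example.org
Subject: Urgent transfer
Content-Type: text/plain; charset=utf-8

You are the only one I can trust with this. We will lose this contract
if you don't act fast. Please transfer the funds today.
"""
ROUTINE = """From: Jane Smith <jane.smith@example.com>
Subject: Team lunch
Content-Type: text/plain; charset=utf-8

Lunch is at noon on Friday.
"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def whaling_indicators(raw):
    """Return the warning signs found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    found = []
    # A boss's display name on an address outside the company domain.
    if name.lower() in EXECUTIVES and domain_of(sender) != COMPANY_DOMAIN:
        found.append("executive name on external address")
    # Replies would go to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        found.append("reply-to domain differs from sender")
    if any(p in text for p in URGENCY):
        found.append("urgency wording")
    if any(p in text for p in PAYMENT):
        found.append("payment request")
    return found

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("routine", ROUTINE)):
        print(label, whaling_indicators(raw))
```

A message that forges the company's own domain in the From header passes the first check, so this kind of filter complements SPF, DKIM and DMARC enforcement and the phone confirmation recommended above rather than replacing them.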

“Fraudsters will do all they can to make these scam emails look genuine, so it’s important for businesses to be alert. While an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam. That’s why it’s vital that finance teams carefully check any unusual demands for payment through an alternative method, such as over the phone or face to face, before making the payment.” Katy Worobec, Director of Financial Fraud Action UK

We are here to help. If you think your business could benefit from a dedicated purchase approval system that can process even the most urgent of requests, schedule a free consultation here.

Procurement Coach
