?Whaling? fraud reaches small firms ? Here’s how to protect your business
Small firms have been targeted by a scam dubbed ?whaling” fraud in recent weeks, losing sums of between ?10,000 and ?20,000 as a result. Financial Fraud Action UK (FFA UK) said there had been a particular rise in the scam over the past few weeks and warned office staff to be wary of fake emails that appear to come from one of their bosses telling them to transfer money. It has been called ?whaling? fraud due to its nature of targeting the big fish of the company, rather than phishing, which tends to be aimed at lots of smaller fry. While earlier examples had seen bigger firms like US tech company Ubiquiti Networks lose $47m, the fraud has now reached smaller companies too. Ben Johnson, chief security strategist at Bit 9, said the scams were widespread, while the fraudsters behind them were targeting both large and small companies. ?It’s becoming a big problem, especially for small companies that do not have the bodies to look into all the emails?. He added that while ?the bad guys might only be after $100,000, but for a smaller company that’s a lot of money?. The pattern has seen staff in a business’s finance department receive an email, which they believe to be from a senior manager. It appears genuine as the culprits use special software to make the message seem legitimate, mimicking the characteristics of an email, including the sender address. It appears in the recipient’s inbox in exactly the same way a regular email from the same contact would do. The emails tend to request urgent payments be made outside of normal procedures ? usually for a time-sensitive necessity, like securing a contract, which the CEO or business owner can’t complete as they are out of the office. When employees transfer the money though, it goes into an account set up by the fraudsters. Katy Worobec, director of FFA UK, warned that ?while an urgent request from the boss might naturally prompt a swift response, it should in fact be a warning sign of a potential scam?. It’s important for businesses ?to be alert? as fraudsters will ?do all they can to make these scam emails look genuine?. If you are concerned about your business or your employees being targets, the FFA UK has advised making sure to follow the below steps.
Advice on avoiding this scam:
(1) Always check unusual payment requests directly ??preferably in person, or by phone (2) Don’t use contact details provided on such emails (3) Establish a documented intenral process for requesting and authorising all payments and be suspicious of any request to make a payment outside of the company’s standard process (4) Be cautious about unexpected emails requesting unusual transfers (5) Consider whether the language used in the email is unusual, or used in a different style to that usually used by the sender (6) Ensure email passwords are robust Recent research by Get Safe Online found that cyber crime cost Brits ?268m in one year, with one in ten adults handing over bank account details following fake tax rebate emails. For more information on cyber liability and why it could be a useful option for your business, Ben Butler, director of insurance brokers Macbeth, has put together a guide on what it does and how it can protect your firm.
Jon Cano-Lopez explains that while the past few months have uncovered a shocking lack of understanding and preparedness for data breaches among UK companies, there are certain techniques small businesses can employ to mitigate risk. more»