12 Oct

Large Social Engineering Loss Makes Headlines!

It All Came Down To Human Error!

Three staff members at a Canadian university were tricked into transferring a total of $11.8M into a fraudulent account.


The fraudsters created a website that imitated one of the university’s major suppliers, using a domain that resembled the supplier’s. They then emailed the university about payment, said the vendor’s banking information had changed, and asked the university to transfer money to a new bank account that they controlled. Three university staff members issued payments in three separate transactions, totaling $11.8M.

It All Came Down To Human Error!

People:
Train employees to identify suspected phishing emails. In the training, include examples of fraudulent sites that resemble the real business. Show them how fraudsters duplicate a legitimate company’s images. Test them. Have them pick out emails from fraudsters; phishing emails usually have something noticeable, such as a typo or misspelled word, or they use a webmail address.

Process:
Be sure to use a system of checks and balances to ensure no one person has control over all parts of a financial transaction.

Require Accounts Payable to verify any changes in vendor bank account information with a previously approved vendor telephone contact.

Technology:
Make sure your computer is protected with a good antivirus and firewall, and keep your operating system and web browsers on the most recent updates.

Make Sure Your Clients Take a Proactive Approach To Protecting Their Business Should a Loss Occur

Make sure your clients have crime insurance. Take the steps to ensure that your clients are covered by calling Berkley Crime.