Large Social Engineering Loss Makes Headlines!

It All Came Down To Human Error!

Three staff members at a Canadian university were tricked into transferring a total of $11.8M into a fraudulent account.

The fraudsters created a look-alike website on a domain that resembled that of one of the university’s major suppliers. They then emailed the university about payment, said the vendor’s banking information had changed, and asked the university to transfer money to a new bank account that the fraudsters controlled. Three university staff members issued payments in three separate transactions, totaling $11.8M.

Read the full story here.

Train employees to identify suspected phishing emails. In the training, include examples of fraudulent sites that resemble the real business, and show employees how fraudsters copy a legitimate company's images. Then test them: have them pick out the emails that come from fraudsters. Phishing emails usually have something noticeable, such as a typo or misspelled word, or they come from a webmail address.

Be sure to use a system of checks and balances to ensure no one person has control over all parts of a financial transaction.

Require Accounts Payable to verify any changes in vendor bank account information with a previously approved vendor telephone contact.

Make sure your computer is protected with a good antivirus and firewall, and keep your operating system and web browsers on the most recent update.

Make Sure Your Clients Take a Proactive Approach To Protecting Their Business Should a Loss Occur

Make sure your clients have crime insurance. Take the steps to ensure that your clients are covered by calling Berkley Crime.