It All Came Down To Human Error!
Three staff members at a Canadian university were tricked into transferring a total of $11.8M into a fraudulent account.
The fraudsters were able to create a similar website with a domain that resembled that of one of the university’s major suppliers. They then contacted the university via email regarding payment, informed the university of a change in the vendor’s banking information, and asked it to transfer money to a new bank account that they controlled. Three university staff members issued payments in three separate transactions, totaling $11.8M.
It All Came Down To Human Error!
People:
Train employees to identify suspected phishing emails. In the training, include examples of fraudulent sites that resemble the real business. Show them how a legitimate company's images are duplicated. Test them: have them pick out emails from fraudsters. Phishing emails usually have something noticeable, such as a typo or misspelled word, or they use a webmail address.
Process:
Be sure to use a system of checks and balances to ensure no one person has control over all parts of a financial transaction.
Require Accounts Payable to verify any changes in vendor bank account information with a previously approved vendor telephone contact.
Technology:
Make sure your computer is protected with a good antivirus/firewall, and be sure to have the most recent updates for your operating system and web browsers.
Make Sure Your Clients Take a Proactive Approach To Protecting Their Business Should a Loss Occur
Make sure your clients have crime insurance. Take the steps to ensure that your clients are covered by calling Berkley Crime.