Social Engineering? It’s anything but sociable!


A few weeks ago, I wrote about a scam hackers are using against college kids: stealing their scholarship dollars. I also described how one of my own kids was scammed into giving up his access to a social media site.

Well, this week (actually a few weeks ago, when this was written), a client called to inform me that a high-five-figure sum had been diverted from their bank account. It took a while to figure out how this happened, and we were not able to get the money back. It is entirely possible this client may fold before the end of the year.

How did it happen? A phone call came in, with the caller claiming he was a reporter for the [name withheld on purpose] and on a tight deadline. He was asking about a competitor that was supposedly purchasing a smaller supplier in the field. The "reporter" wanted to know whether the CEO (what's his name again?) had any comment on how that acquisition would change the marketplace. What about the CFO (what's his name again?), could he amplify that statement? In other words, the caller (who was clearly NOT a reporter) extracted a good deal of vital information from the unsuspecting assistant: who the executives are and how they are named. (Nor was the competitor purchasing a smaller supplier in the field; the story was simply a pretext.)

About a week later, a spoofed eMail arrived in the assistant's inbox, purportedly from the CFO and the CEO, wanting to know why XYZ's invoice had not been paid yet. And it needed to be paid promptly, or XYZ would not deliver the next shipment and the firm would fall desperately behind on its schedules.

You guessed it- the money got transferred.

This sort of scam is on its way to becoming the biggest fraud vehicle against firms. Five years ago, fewer than 1 in 5 firms had been attacked this way; now roughly a third of attacks arrive via this method. That shift is happening partly because our antivirus and antibot systems and our training against technical attacks are taking hold, so the attackers go after the people instead.

(It doesn't have to be a reporter. It could be a "claimed" remote co-worker, calling in to ask for information and/or help ["Are you at your desk?" "Could you share how you do this?"]. Or the eMail could come from a domain that is remarkably similar to ours, and we don't look closely enough at the sender's address. Say from Adjuvancy.net instead of Adjuvancy.com, which is why we buy up all such domains, hoping to stop this sort of chicanery. Buying the obvious variants is a mitigation, not a cure; nobody can register every lookalike.)

Social Engineering

Social engineering (as it is termed) is the hacker tricking employees into sharing vital corporate data; the data is then used to carry out an attack, after the hackers have assessed the weaknesses in the corporate structure. It may involve a sophisticated phishing eMail, a phone call, or both in sequence, as happened to my client.

And these ruses work because of our belief that they are real. The questions prey on our psychological authentication: they have our boss's name and our boss's boss's name, so we let down our guard.
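The two tells described above, a lookalike sender domain (Adjuvancy.net for Adjuvancy.com) and a display name that claims to be an executive whose name the attacker harvested by phone, can both be checked mechanically before an invoice email reaches anyone who can move money. The following is an added example, not code from the original post or from the author's firm; it assumes the firm's domain is adjuvancy.com (taken from the post), and the executive names, mailbox addresses and sample From: headers are constructed for the illustration.

```python
"""Flag inbound mail whose From: header impersonates an executive or uses a
lookalike of the firm's domain.  Added example, not the original post's code.
Assumptions: OUR_DOMAIN comes from the post; EXECUTIVES and the sample
headers below are constructed."""

from email.utils import parseaddr

OUR_DOMAIN = "adjuvancy.com"

# Names an attacker would harvest with a pretext call, mapped to the only
# mailbox each executive actually sends from (constructed for the example).
EXECUTIVES = {
    "jane doe": "jdoe@adjuvancy.com",   # hypothetical CEO
    "john roe": "jroe@adjuvancy.com",   # hypothetical CFO
}


def edit_distance(a, b):
    """Levenshtein distance; catches one-character typosquats such as
    adjuvancy.co or adjuvamcy.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_verdict(domain):
    """Classify a sender domain as 'internal', 'lookalike' or 'external'."""
    domain = domain.lower()
    if domain == OUR_DOMAIN or domain.endswith("." + OUR_DOMAIN):
        return "internal"
    our_label, our_tld = OUR_DOMAIN.rsplit(".", 1)
    label, _, tld = domain.rpartition(".")
    # Same registrable label, different TLD: adjuvancy.net for adjuvancy.com.
    if label == our_label and tld != our_tld:
        return "lookalike"
    # Our domain embedded in someone else's: adjuvancy.com.example.net,
    # notadjuvancy.com.
    if OUR_DOMAIN in domain:
        return "lookalike"
    # One character added, dropped or swapped anywhere in the domain.
    if edit_distance(domain, OUR_DOMAIN) <= 1:
        return "lookalike"
    return "external"


def assess(from_header):
    """Return a list of findings for one From: header value.
    An empty list means nothing suspicious was found."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return [f"unparseable sender {from_header!r}"]
    name, addr = name.strip().lower(), addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain_verdict(domain) == "lookalike":
        findings.append(f"lookalike domain {domain} (ours is {OUR_DOMAIN})")
    # The harvested-name trick: the display name is the executive's, but the
    # address is not the mailbox that executive actually uses.
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        findings.append(f"display name {name!r} claims an executive, "
                        f"but address is {addr}")
    return findings


# Constructed sample headers; the first one is the shape of the attack in the post.
SAMPLE_HEADERS = [
    '"Jane Doe" <jane.doe@adjuvancy.net>',
    '"John Roe" <john.roe@gmail.com>',
    "accounts@adjuvancy.co",
    '"Jane Doe" <jdoe@adjuvancy.com>',
    "billing@xyz-supplier.example",
]

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        print(hdr, "->", assess(hdr) or "ok")
```

In practice this runs as a transport rule or a pre-delivery hook and routes anything with a finding to a quarantine or a human reviewer, rather than into the assistant's inbox. It is a sender-header check only: it would not have stopped the pretext phone call that harvested the names, and it says nothing about the content of the invoice request, so it complements, rather than replaces, a rule that payment instructions are confirmed by calling the executive on a number already on file.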

Well, now you’ve been warned.  Keep your guards up!

Roy A. Ackerman, Ph.D., E.A.

Speaking of keeping your guard up: have you examined how the new tax law is going to affect you? Well, a great resource (if I say so myself) is my new book explaining the Tax Cut and Jobs Act. There's a Kindle and a paperback edition, reasonably priced to let you get a leg up on the new law. And then there's my offer: buy the paperback (and do a few other easy things), and I will examine your financial records to see what you can still do (before it's too late) to ensure you pay the lowest taxes required by law.

Tax Cut & Jobs Act


10 thoughts on “Social Engineering? It’s anything but sociable!”

  1. This is one thing I'm very cautious about. I never give info out over the phone, and when companies or anyone claiming to be from a company needed information, I would tell them to send me an email or fax. Then I would investigate to see if it's real or fake. A few years ago a scam was going around FB for a free laptop; I tried to warn people about that but some didn't listen. Now they are out thousands of dollars, which for the average person going for this "offer" is a lot of money to lose. People need to keep their guard up on everything nowadays.

  2. Roy, so sad for your client.. :(
    But yes, I double check and triple check sources of emails and messages, and like Martha, when people ask for too much information over the phone, which is anything more than my name :), I ask them to send me an email, and many times that email never comes to my inbox.
