- Created: Tuesday, 20 August 2019
- Written by Ella Coles
One of the fastest growing IT challenges businesses face today is the number of bank transfer fraud attempts. Below is an example of how a fraudster will carry one out:
- Scout out your business online - your website, linkedin etc
- Make a sales enquiry to obtain your branding
- Sign up for a free email address using your business owner’s or key employee’s name and setup an identical email signature
- Start an email conversation with one of your accounts team, usually something simple to get an email conversation going
- If their target replies, they reply with an urgent request, something like an overdue invoice, to make a transfer to the fraudsters bank account.
If anyone were to check the actual email address they would realise that the email didn’t come from the right address, but most email clients only show the display name, not the email address. These emails, done the right way, are virtually undetectable by spam filters.
How can you protect your business?
If you use Office 365 one method is to setup a transport rule as per this Microsoft blog post
If you use Google G Suite follow the "Turn on spoofing and authentication protection" section on G Suite Admin Help: Advanced phishing and malware protection.
Better still, get us to do this for you and continue to protect your business against this and other risks