Cyber criminals can use compromised email accounts to defraud your business. Using compromised business email accounts, criminals attempt to identify customer, vendor, and employee email information from the email history. They then impersonate the owner of the compromised account and attempt to defraud the email contacts by sending emails containing fraudulent invoices or payment instructions. In many cases, the criminals request that recipients send payments via wire transfer. Consider the following tips to help protect your business:
1. Educate your employees. You and your employees are the first line of defense against corporate account fraud. A strong security program, paired with employee education about the warning signs, safe practices and responses to suspected fraud, is essential to protecting your company and customers.
2. Protect your online environment. It’s important to protect your cyber environment just as you would your cash and physical location. Avoid the use of unprotected internet connections. Encrypt sensitive data and keep updated virus protections on your computer. Use complex passwords and change them periodically. See our previous article for more information on creating strong passwords.
3. Use your bank’s services to help prevent unauthorized transactions. Talk to your bank about programs that safeguard you from unauthorized transactions. Many banks offer callbacks, device authentication, multi-person approval processes, batch limits, or other services to help protect you from fraud.
4. Pay attention to suspicious activity and react quickly. Look out for unexplained account or network activity, pop-ups and suspicious emails. If you detect any of these, immediately contact your financial institution, stop all online activity and remove any systems that may have been compromised. Keep records of what happened.
5. Understand your responsibilities and liabilities. The account agreement with your bank will detail what commercially reasonable security measures are required of your business. It’s important that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from fraud. Talk to your bank if you have any questions about your responsibilities.
For additional information on protecting your business from account fraud, you can visit the following websites:
- U.S. Chamber of Commerce: Internet Security Essentials for Business http://www.uschamber.com/issues/technology/internet-security-essentials-business
- Federal Communications Commission: Small Biz Cyber Planner http://www.fcc.gov/cyberplanner
- Federal Communications Commission: 10 Cybersecurity Strategies for Small Business http://www.uschamber.com/sites/default/files/issues/defense/files/10_CYBER_Strategies_for_Small_Biz.pdf
- Better Business Bureau: Data Security Made Simpler
- NACHA – The Electronic Payments Association Corporate Account Takeover Resource Center