The loss caused by cybercrime is not always material loss or damage to computer systems.
Mail spoofing and phishing – these terms may sound peculiar. Don’t be fooled or deceived by scheming emails. Mail spoofing and phishing are the most prevalent cyber frauds being committed.
This trend is disastrous for company owners and individuals alike. Technology such as anti-virus software and firewalls may secure networks, but it is not 100% effective. It will not prevent a cunning spoofing or phishing exercise performed by skilled fraudsters preying on unsuspecting individuals or employees.
Have you heard of an occurrence where a person paid an invoice to the wrong bank account? They might have received an e-mail informing them that the banking details of a regular recipient had changed. Perhaps a personal assistant or employee received an e-mail from their apparent superior instructing them to make a payment to a specified or new account? Only after the payment was made was it found that the recipient had fraudulently misled them into making the transaction.
Spear phishing is a socially engineered setup, orchestrated by skilled operators who, through enquiry, learn a person’s characteristics, likes, big upcoming events (such as buying a new car or home), travel plans, monthly accounts payable, behaviours and weaknesses.
An example of spear phishing: Mike is the CEO of a business and his email address is firstname.lastname@example.org. Mike is out of town, and Richard, the employee in charge, receives an email from email@example.com instructing him to urgently pay an invoice to a new supplier or risk losing the business. If you look carefully you’ll notice that these are two different email addresses, but at first glance they look the same. There is also a strong possibility that an assistant to the CEO wouldn’t question an urgent request for a large monetary payment.
What are the preventative actions? If you receive an email of the kind described above, the simple, straightforward answer is to call the CEO and validate the contents of the email. One way to spot a phishing or spoofed mail is to look at the grammar. Poor wording, an urgent tone, or a departure from the usual manner of communication should raise red flags. Most importantly, would this person usually use this method of communication for this subject matter? In South Africa, you can consult your internet service provider to ensure the correct security is in place to prevent mail spoofing.
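The two checks described above, a sender address that only looks like the genuine one and message wording that signals urgency or changed payment details, can be automated as a first-pass triage before the phone call. This is an added example, not code from the original article; the directory of genuine addresses, the red-flag phrase list and the sample message are all constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed directory of genuine internal addresses (assumption: the defender
# maintains this list; it is not taken from the article).
KNOWN_SENDERS = {"mike.jones@example.org": "Mike Jones, CEO"}

# Wording the article names as red flags: urgent tone, changed banking details,
# payment to a new supplier or account. Constructed list, extend as needed.
RED_FLAG_PHRASES = ("urgent", "immediately", "new account", "new supplier",
                    "banking details", "bank details", "changed")


def normalise(addr: str) -> str:
    """Fold look-alike substitutions so 'examp1e' and 'exarnple' read 'example'."""
    folded = addr.strip().lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"),
                       ("1", "l"), ("3", "e"), ("5", "s")):
        folded = folded.replace(fake, real)
    return folded


def lookalike_of(sender: str, threshold: float = 0.9):
    """Return the genuine address the sender imitates, or None.

    An exact match is genuine. An address that is merely very similar after
    normalisation (a swapped domain, one changed character) is a look-alike."""
    for real in KNOWN_SENDERS:
        if sender.strip().lower() == real:
            return None
        if SequenceMatcher(None, normalise(sender), normalise(real)).ratio() >= threshold:
            return real
    return None


def red_flags(text: str) -> list:
    """Return the red-flag phrases present in the message text."""
    lowered = text.lower()
    return [phrase for phrase in RED_FLAG_PHRASES if phrase in lowered]


def assess(sender: str, text: str) -> dict:
    """Combine both checks into one verdict for a mail filter or a reviewer."""
    imitated = lookalike_of(sender)
    flags = red_flags(text)
    verdict = "verify by phone" if imitated or flags else "ok"
    return {"lookalike_of": imitated, "red_flags": flags, "verdict": verdict}


# Constructed sample reproducing the article's scenario with invented addresses.
SAMPLE_SENDER = "mike.jones@examp1e.org"
SAMPLE_TEXT = "Richard, please pay the attached invoice to our new supplier urgently."
```

Calling `assess(SAMPLE_SENDER, SAMPLE_TEXT)` flags the sender as a look-alike of the CEO's address and lists the two red-flag phrases, so the message is routed for telephone verification using the contact details on file.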
Phishing and spoofing losses are generally deemed to be business risks that are uninsurable.
However, some insurers do cover certain cybercrime risks. This emphasizes the necessity of having appropriate risk-management controls in place. Fraudulent payments such as these could result in a professional indemnity claim (if the funds transferred are a client’s and not the business’s own funds).
It is vital that organizations have suitable processes in place to mitigate such risks. Risk-management control systems whereby instructions are verified in writing and telephonically (using the contact details on file, not the contact details contained in the fraudulent instruction!), together with dual authority, where at least two individuals authorize each transaction, will prevent a very expensive mistake.
Having proper commercial insurance in place is of the utmost importance in minimizing risk and unnecessary loss. A variety of commercial policies, liability indemnity cover and niche products are available to suit your needs and protect your assets.