
Fake emails from management staff asking for payments

Posted on 22nd January 2018

Be aware of email scams where fraudsters impersonate senior staff members to deceive finance departments into wrongly transferring funds.

Social engineering with fake emails requesting money transfers

Apart from exploiting technical security flaws to install viruses and malware, fraudsters employ another technique known as social engineering.

Social engineering involves exploiting human psychology to trick people into breaking normal security procedures, giving away sensitive data or completing fraudulent requests, without staff realising they aren't talking to who they think they are.

Technology alone cannot fully protect you and your business if your staff aren't aware of how they themselves can be manipulated. You are only as strong as your weakest link.

An example of social engineering

More often, a finance department is sent a fake email purporting to be from a senior member of the business, typically the MD. Fake emails are getting better all the time at looking genuine.

They request payment to a third party for work carried out for the business, often with a pressured timescale.

Once the payment is made, the fraudsters quickly empty the temporary account the money was transferred to.

How to defend yourself against this type of Social Engineering

  • Be cautious of payments requested out of normal practice
  • Treat urgent payment requests suspiciously
  • Question payments requested to pay a supplier or payee you don't normally deal with
  • Keep an eye out for emails which use language not normally associated with the MD or senior staff member
  • Check grammar and spelling
  • Review policies and train staff (especially new members) to watch out for behaviour and requests that appear at odds with normal procedures

If in doubt, #takefive and ask someone else to verify. Report all instances of social engineering to Action Fraud.
