Mega Metals, Inc. recently learned a costly lesson according to the Wall Street Journal. A $100,000 lesson in fact. This family owned small business employs 30 people and does business with vendors overseas. This past April, after transferring $100,000 to a vendor in Germany, they received a phone call from that vendor stating that they still owed payment.

How did this happen? That was the question that George Kurtz, from CrowdStrike Inc., and Mega Metals Inc. leaders wanted answers to. Kurtz discovered that although the purchase was legitimate, the email system had been compromised allowing the hackers to have access and essentially reroute the funds.

Mega Metals, Inc. is not the only company to make such an expensive mistake. Other businesses, a majority being small businesses, have received similar emails with instructions to transfer money. From late 2013 to mid-2015, over $1 billion dollars in losses have been associated with such email scams.

Don’t be the next victim! Protect your company by following these suggestions:

1.    Read the email address VERY carefully. Notice the difference? mritsema@i3bus.com vs. mristsema@i3bus.com Cybercriminals will add or subtract a letter in the email address. Only if the receiver reads it carefully will they notice the difference. It is also quite tricky because they will have replicated the company’s information and/or the typical email format.

2.    i3 recommends that you verify the email requests received. Update your policies and procedures to include a two-step verification process for all wire transfers. For example, Mega Metals now calls the vendors to confirm the request. An important detail to remember is to not call the telephone number in the email message. Be sure to call the number from their website, business card or previous verified emails.

3.   Don’t forget to pass this alert along to educate your employees, especially those employees who deal with wire transfers on a daily basis. Ensure that they are educated about the variety of scams that are likely. If they are not sure about a specific email, encourage them to ask you or another employee before taking any action.

Or perhaps you could take after James Veitch, a comedian, and waste the hackers’ time. Read his emails here.

In all seriousness, though, be careful what emails you open and how you respond to them. Be on the lookout for such fraudulent requests. In the end, it will save you thousands of dollars.

Michael Ritsema
i3 Business Solutions, LLC 

Get in touch with i3 Business Solutions today

At i3 Business Solutions, we use the best technology to partner with local businesses to transform IT departments and improve business productivity. Contact us here or fill out the form below:
  • Hidden

Published with permission from TechAdvisory.org. Source.