Call your bank today. Add these layers of protection.
Written by Mike Ritsema, President & Partner, and Rachel Dokter, Social Media Manager
Again, i3 Business Solutions is not going away on the issue of phishing and social engineering. Our previous blog discussed the same subject: phishing for email addresses and passwords, creating fake websites to request electronic transfer of bank funds.
This blog is directed at your accounting department and executives. We have seen 2 instances right here in West Michigan in the last 3 weeks:
- A local steel processing company who does business overseas thrashed internally over a funds transfer request and finally averted the transfer.
- A second local distributor who imports from China experienced a customer incident. Their customer received an email from a fake or spoofed web site. It looked real and requested the transfer of $40,000. The customer, believing their vendor’s request was real, transferred the funds. $40,000 gone!
- In our November Blog we mentioned the Verne Harnish $400,000 scam that occurred while he was in Russia. Read the description here.
How does it all happen? First a fake website is created. Then an email is sent phishing for funds transfer approval. Sometimes, key loggers collect password information and login to the actual email account on a browser. The email communication and approval to move funds are then intercepted and spoofed! Unfortunately, email dialog is no longer safe - the attackers are intercepting emails and personal information to get access to your accounts. Remember that most of us look to technology innovation to protect our companies, but technology can't prevent human error.
i3 suggests when request for funds transfers occurs, get not only an email confirmation but also a verbal confirmation to validate any transaction. Take the time to make a phone call and get the personal go-ahead. Even this is fraught with risk as demonstrated in the Harnish occurrence.
Here the i3 mandate:
- i3 Business Solutions' President, Mike Ritsema, recently met with the company's bank treasury service. He learned that for just $10 a month, an ACH Debit Block can be put into place to protect your business from unauthorized transactions. They allow you to block all electronic drafts or specify which companies are authorized to post debits to your accounts while automatically blocking those that are not authorized.
- Positive pay is another bank service that will validate electronic transactions.
These two bank services will help prevent some fraud. Education and paranoia are highly recommended.
The mandate is this: contact your bank and set up ACH block now. Fence in the accounts where your funds can be transferred. Get a verbal confirmation after the email confirmation.
Again, technology layers can’t cover all risk. Education about phishing, spoofing, and social engineering are a necessity.