The FBI has issued an alert regarding a growing account takeover email scam targeting businesses. To perpetrate this scam, fraudsters are intercepting unencrypted emails between businesses and their vendors or suppliers. Once intercepted, the man-in-the-middle poses as the vendor/supplier in an attempt to re-route payment for products or services. The business will receive an email from the phony “supplier” stating that the bank account information normally used is no longer valid and provides updated account information. The unsuspecting business owner then re-directs payment to the account information provided by the fraudster.
To reduce the likelihood of falling victim to theses types of scams, businesses are encouraged to:
- Establish multi-layer authentication procedures, particularly for large transactions. Having a second layer of authentication outside of the email chain, such as a telephone call or fax, may help you confirm that you are working with your actual vendor/supplier and that your emails have not been intercepted;
- Use digital signatures on e-mail accounts;
- Avoid using free, web-based e-mail for business purposes. Establish a company website domain and use it to create company e-mail accounts in lieu of free, web-based accounts;
- Set up a system for sending secure, encrypted email;
- Avoid using the “Reply” option to respond to business e-mails. Instead, use the “Forward” option and type in the correct e-mail address to ensure you are sending the email to the correct vendor;
- Delete unsolicited e-mail (spam) from unknown parties. Do not open spam e-mail, click on links in the e-mail, or open attachments;
- Be alert to sudden changes in communication with your suppliers or vendors. If you are contacted by a representative or email account you do not recognize, reach out to the vendor using a verified communication method to confirm that the correspondence is legitimate;
- Conduct financial transactions on a dedicated computer. Malicious software often gets into systems through online activities such as web surfing and email. Using a computer exclusively for financial activities means decreased vulnerability.
It’s more crucial than ever that businesses stay abreast to evolving trends in cyber fraud as attacks become increasingly difficult to detect, monitor, prevent, and shutdown. Having a security plan in place can help businesses avoid falling victim to these types of scams and minimizing exposure if they do.
For more information about protecting your business, please visit http://www.business.ftc.gov/ or http://www.bbb.org/data-security/.
If you have any questions about this scam or are concerned you may have been targeted, please contact us in the manner most convenient for you.
