No organization is too big to be hacked. It seems there are almost daily reports about large companies that have fallen victim to hackers.
In most circumstances, the hackers will gain access to the account and set up rules and additional folders through the settings that will automatically forward emails containing financial data to an outside email account. The hacker can also disguise or “spoof” the legitimate email account to send requests to known parties like accountants or back office staff instructing them to pay an invoice from the franchisee account to a fraudulent external account.
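The forwarding rules described above can also be looked for from the defender's side. The following is an added example, not part of the original article: it audits a constructed export of mailbox rules and flags any rule that sends mail to an outside domain. The field names, the sample rules and the `franchise.example` domain are assumptions made for illustration.

```python
import json

# Constructed sample of a mailbox-rule export. The field names are assumptions
# for this example, not the schema of any particular mail platform.
SAMPLE_RULES = json.loads("""
[
  {"mailbox": "owner@franchise.example", "name": "Newsletters",
   "conditions": {"from_contains": ["news@vendor.example"]},
   "actions": {"move_to_folder": "Newsletters"}},
  {"mailbox": "owner@franchise.example", "name": "Sync",
   "conditions": {"subject_or_body_contains": ["invoice", "wire", "payment"]},
   "actions": {"forward_to": ["drop@mailbox.invalid"], "move_to_folder": "RSS Feeds", "mark_read": true}},
  {"mailbox": "owner@franchise.example", "name": "To bookkeeper",
   "conditions": {"subject_or_body_contains": ["invoice"]},
   "actions": {"forward_to": ["books@franchise.example"]}}
]
""")

FINANCIAL_TERMS = {"invoice", "payment", "wire", "ach", "remittance", "bank"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, internal_domains):
    """Return the reasons a rule looks like mail exfiltration (empty if none)."""
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    targets = actions.get("forward_to", []) + actions.get("redirect_to", [])
    external = [t for t in targets if domain(t) not in internal_domains]
    if not external:
        return []  # Rules that keep mail inside the organization are not flagged.
    reasons = ["forwards to external address: " + ", ".join(external)]
    words = {w.lower() for values in conditions.values() for w in values}
    hits = sorted(words & FINANCIAL_TERMS)
    if hits:
        reasons.append("matches financial terms: " + ", ".join(hits))
    if actions.get("move_to_folder") or actions.get("mark_read") or actions.get("delete"):
        reasons.append("hides the original message from the inbox")
    return reasons

def audit_rules(rules, internal_domains):
    internal = {d.lower() for d in internal_domains}
    audited = (((r["mailbox"], r["name"]), audit_rule(r, internal)) for r in rules)
    return {key: reasons for key, reasons in audited if reasons}

if __name__ == "__main__":
    for key, reasons in audit_rules(SAMPLE_RULES, ["franchise.example"]).items():
        print(key, reasons)
```

Any rule this flags should be confirmed with the mailbox owner by phone or in person before it is removed.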
Unfortunately, these types of scams have been around a long time and likely will be a threat for a long time to come. The best defense against falling victim to this scam is awareness and communication.
The first thing we advise is to tell your office staff, back office staff and accountants that you will never direct payment of invoices through email. If a member of your staff or your CPA firm should receive such a request, instruct them to call or contact the source directly, either by phone or in person, to verify that it is a legitimate request.
Here at Antares Group, we recommend that our clients who use our Back Office Solutions services upload any invoices to be paid through our secure client portal. Our BOS staff are trained to detect fraudulent requests for payment and have found many instances of fake emails. If they ever have a question, they will contact the owner/operator directly before submitting a payment.
We have several articles on our website outlining ways to detect phishing schemes and to protect your networks and computer systems. You can read more here, but below are some quick tips:
- Regularly change your passwords. Do not reuse passwords for critical services, and never use your internal network access password for any other service.
- Take advantage of multifactor authentication. Using a password management system like LastPass is a good way to manage various passwords and reduce the urge to use easy-to-remember passwords. For more on LastPass, read here.
- Delete any suspicious emails and ask questions later.
- Always question new vendor invoices.
- Pay attention to your clients’ or customers’ habits. Scrutinize any emails that are sent at odd times of the day or that contain misspellings or grammatical errors.
Just last week, Microsoft issued a warning that a computer bug it has now patched could be used as a cyber weapon, similar to the WannaCry virus that hit systems worldwide a couple of years ago. The Wall Street Journal and Wired.com have published articles describing what happened and how this bug could impact users of Windows 7, Windows 2003, Windows XP and Windows Server 2008.
If you have any questions or would like more information about how you can protect your online accounts from being compromised, please call us.