You’ve probably heard about spear-phishing and you’ve certainly heard about funds transfer fraud. What many businesses don’t realize, however, is how prevalent and damaging these cyber attacks can indeed be. According to a 2022 Cyber Claims Report by Coalition, losses from funds transfer fraud (FTF) increased 69% from 2020 to 2021 and are forecasted to continue exponentially throughout 2022. Alarmingly, initial losses from FTF among small businesses increased 102% to more than $309,000 in the second half of 2021. Fortunately, there is hope, and small businesses can protect themselves with the correct knowledge and approach. However, before we find out about the solutions, let’s learn more about how spear phishing and funds transfer fraud work.
Forewarned is Forearmed – How Spear Phishing Works
Firstly, this has nothing to do with the ocean, spears, or sea creatures. Spear phishing, as opposed to spearfishing, is the primary method of funds transfer fraud and indicates a much more focused approach than general phishing. The method involves hackers gaining access to a mailbox to determine what emails are commonly sent to the user and then using fraudulent techniques to lure the user to funnel payments to the fraudster. For example, spear phishing emails are sent to targeted or random inboxes with the hope of finding someone who’ll click on a link or open an attachment. This is especially useful when the user is busy or distracted.
Sometimes, the emails are very fake and are easy to spot with incorrect grammar, misspelling, or other telltale signs. However, the latest phishing emails may seem quite legitimate – we explore these tactics further below. Your employees should be presented with opportunities to learn about the latest spear phishing tactics and how their actions can negatively impact the organization. Training employees to help identify and report fraudulent emails also helps your IT staff monitor the network more effectively.
4 Common Spear phishing Techniques
Emails can come in all shapes, sizes, topics, and tones, but these are some more common approaches that spear phishing criminals use.
- Confirmation of login credentials – A prevalent approach is to pretend to be IT service provider, cyber security representative, or internal staff such as HR. Fraudsters then persuade employees to reconfirm or change their login credentials, providing full access to the system.
- CEO Fraud – Scammers either hack the CEOs (or other senior staff) email addresses or pretend to be them with a fake email address. Since most people don’t communicate directly with the CEO, this can be deceptive. The “CEO” then uses their seniority to manipulate an employee into defrauding the company.
- Links and attachments from familiar senders – Most of the time, all scammers need to access an entire system and perform transaction fraud is a simple click or opening of an attachment. Malware can enter the network and cause severe damage.
- Employees may receive an email from a known sender who needs additional information or help. Often these senders have been netted from a previous attack wherein the phisher has found common email senders to the particular email address or network. This will often be a regular supplier and a problem that might seem credible.
4 Ways to Protect Your Business & Employees
Funds transfer fraud and spear phishing are malicious and potentially damaging, but there are a few ways to ensure that your business remains safe.
- Double Check Email Addresses – Scammers will sometimes use email addresses similar to regularly received emails. By double-checking each email address letter, employees will be able to pick up discrepancies and identify a scam attempt.
- Be Careful When Clicking And Opening – Links and attachments are common ways to gain access to networks. As such, caution should be exercised when unfamiliar or even familiar email addresses are suddenly sending links to click on attachments to open.
- Set-Up Cyber Security Measures – Cyber-security is essential. Businesses of all sizes should have security options to mitigate risks posed by spear phishing and a host of other security issues. Be wary of DIY online research. There are plenty of charlatans out there, and some of these cyber criminals even pose as online security experts.
- Consult With A Dynamic Technology Service Provider – It would be best if you had expert advice to give you a good indication of your network and security weak points and suggestions for improvements or alterations to your network. Conscious Network provides a free initial consultation to assist with these initiatives.
Phishing Training & Education
Training and educating your employees and/or users is key. Cyber criminals are constantly changing their tactics so it’s important to keep your users informed. Many organizations launch routine phishing campaigns to identify users who need further training and/or to educate users on common mistakes.
Funds Transfer Fraud & Callback Verification
Many industries that are in the financial sector, in particular, are implementing callback verification processes for confirming by telephone that an invoice, payment request or other transfer of funds is authentic. The callback number and procedure are well established and communicated separately from electronic documents. This process can be immensely helpful for any business that routinely deals with funds transfers.
Conscious Networks believes in providing organizations with a holistic approach to technology. The security solutions that we recommend take into consideration the current and future needs of a business, while facilitating safety, efficiency, and growth. Contact us today to get a free assessment and star working with a technology provider you can rely on!