While this threat is not new (we first wrote about it over a year ago), it is still happening. So, we wanted you to be aware of it. It’s called “whaling” and is not spam. Hackers learn your name, title, company, email, and names of other executives in the organization.
There are a couple of variations, but here is one of the most common scenarios: The CFO or controller gets an urgent email from the CEO with a reason why money needs to be paid quickly. The CFO is told to wire money to a specific account before the end of the day. The account belongs to the hacker, and once the money is wired, it is nearly impossible to get back.
How does the hacker pose as the CEO? Hackers spoof the email, which means they make it look like it comes from someone other than the actual sender. And while some systems can protect against spoofing, none are 100% accurate at identifying spoofed emails. In other cases, hackers have gotten access to the executive’s actual email account.
While email has become a common form of communication in business, it is worth the extra effort to make sure that any payment of funds is legitimate. To help combat this risk, we recommend that companies set up a verification process for any financial transactions requested via email or text.
As security software gets more sophisticated and more companies use it, hackers are turning to tricking users as their easiest way to get through IT security. It is worth figuring out how to protect your organization.
Improving Your IT Security
If you would like guidance on implementing IT security best practices, we would be glad to help. Skyriver IT makes implementing and staying current on IT best practices easy. Contact us to find out how you can improve your IT security.