Becoming Cyber-Sophisticated: Spear Phishing Prevention Tips for Your Business
December 29, 2015
Have you or any of your employees received an email requesting that you transfer funds to a bank or vendor? Did you transfer the funds to only find out later that the email was a fake and now the funds are gone? If so, you, like so many others, were the victim of a Spear-Phishing Attack!
Spear Phishing, also known as Social Engineering Fraud or Fraudulent Impersonation, targets a specific individual via email with the intent of deceiving the individual into transmitting funds, releasing confidential information, etc. In most cases, once the funds have been transmitted, it is extremely difficult to recover them.
So how does this happen? The criminals, who are generally located outside of the United States, target corporate executives and gain access to their emails. They make minor changes to the executive’s email address and then send an email to an employee requesting that funds be wired. This has cost corporations millions of dollars in not only the loss of the funds, but also the investigation and potential litigation costs.
Insurance coverage is available for this type of fraud. It is generally provided by way of an endorsement to your Crime Insurance policy. While purchasing the insurance is advisable, the best defense to a claim like this is prevention.
Spear Phishing Prevention Tips
So how do you prevent becoming a victim of Fraudulent Impersonation? The following are some suggested practices for mitigating these types of losses.
- Education and training are the number one avenues to risk mitigation.
- Develop procedures requiring two or more employees to sign off on any wire transaction.
- Prior to transmitting funds to a new bank or vendor, a telephone call must be made to the original bank/vendor and specifically to a previously established contact.
- Provide frequent communication to employees regarding Social Engineering Fraud and what to do if an employee suspects suspicious activity or a potential attack.
- Conduct third party computer network penetration testing on a regular basis to monitor the effectiveness of the corporation’s controls, training, etc.
It is highly unlikely that Social Engineering Fraud will lessen. In fact, it is projected to increase in both frequency and sophistication. But knowing what it is, how it is perpetrated and how to avoid it will help your organization from becoming a victim to it.
Philadelphia, PA, 19102