Social engineering attacks such as phishing email schemes continue to be a serious threat to companies of all sizes. According to a recently released study from Duo Security, 31 percent of employees who received a simulated phishing attack clicked the link, thereby endangering the financial security of their company. One popular phishing attack requests wire transfers from employees. Attackers send an email from a hacked employee account, or a cleverly spoofed one. The recipient, often an accountant or subordinate, is conned into transferring company funds out of the company’s bank account.
The scope of the problem is greater than many businesses realize. In fact, the FBI warns that social engineering, and particularly phishing scams requesting wire transfers, is a very real problem. Attackers are becoming more sophisticated and experienced, so what can you do to protect your organization? And how can you educate your staff to differentiate a scam from the real thing?
Here are a few simple steps you can take to identify and avoid wire transfer cyberattacks:
- Implement a process that requires multi-level approvals and cross-checks with your accounting department.
- Use multi-factor authentication to verify the identity of users involved on both ends of your business transactions.
- Training, training, training! Create increased awareness by training your employees and providing them with the skills and tools to help derail phishing attempts.
Security Awareness Training
As the final bullet highlights, preparation and prevention are the best defense. Even with all other security protections in place, there is no substitute for an educated staff. Creating a culture that fosters employee awareness and encourages the ability to question red-flag requests provides the best chance for eliminating attacks before they become a problem. You can start by teaching employees how to identify potential social engineering attacks, hosting regularly scheduled lunch tutorials, or publishing an e-newsletter to help educate your staff.
Don’t assume your employees know better. Even when cybercriminals aren’t making headlines, sophisticated attacks are on the rise. Security experts and the FBI warn: the best way to combat phishing email is through processes and procedures that provide double checks as well as training your staff on what to look for and what to do. A professional third-party security firm with training experience is your best ally in properly educating and informing your staff.