Compliance Insights – Phishing Attacks


Much like you, we have noticed an ever-increasing volume of phishing emails, and while we recognize most organizations include phishing awareness courses as part of their defense, we wanted to share a few tips to help you in your efforts.

How to Recognize Phishing

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.

Scammers often update their tactics, but there are some signs that will help you recognize a phishing email or text message.

Phishing emails and text messages may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.

Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. They may:

  • say they’ve noticed some suspicious activity or log-in attempts
  • claim there’s a problem with your account or your payment information
  • say you must confirm some personal information
  • include a fake invoice
  • want you to click on a link to make a payment
  • say you’re eligible to register for a government refund
  • offer a coupon for free stuff

Confirming Vendor Banking Changes

In addition to attempts to gain login information, scammers attempt to insert themselves into online payment processing by routing electronic payments to accounts they have established. By supplying falsified invoices and bank account details, they redirect payments intended for your clients or vendors into their own accounts, then move the money and close the false account.

These scams are often accompanied by changes to the typical banking information, so a best practice is to call your client or vendor to confirm the banking change before transferring funds or writing a check, without relying on any information in the email or invoice.

If you have recently (last few months) made a change to the mailing address or bank account information as directed by a vendor and have not already confirmed the change directly with the vendor via phone call, it might be a good time to start this process.