Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
With the best software, firewalls and spam filters installed, you may believe you are protected from cybercriminals. Think again! Even tech giants like Facebook and Google have recently been scammed through a fast-growing threat known as business email compromise (BEC). BEC relies on the oldest trick in the book: deception.
Since employees are usually the target, equip them with the skills and tools to spot threats and respond effectively.
Don’t just rely on email. Encourage employees to actively verify money transfer requests, for example, by walking into senior executives’ offices or by speaking to them directly on the phone.
Have systems in place to validate all changes in vendor payment details. If this is done by phone, ensure previously known phone numbers are used, not those in the email request.
Independent third-party verification systems such as EFTsure’s “Know Your Payee” Solution automate payment checking and supplier verification, saving time on manual processes and reducing human error.
The FBI advises establishing intrusion detection system rules that flag emails with extensions that are similar to company emails. Also create an email rule to flag communications where the “reply” email address is different from the “from” address shown. Finally, colour-code virtual correspondence so that emails from employee/internal accounts are one colour and emails from non-employee/external accounts are another.
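The three rules above can be prototyped as one tagging function before they are written into a mail gateway. This is an added example, not code from the FBI or Eftsure; the domain `example-hospital.test`, the function names, the edit-distance threshold, and reading "extensions" as the sender's domain are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-hospital.test"  # assumed placeholder for your own domain

def address_of(header):
    """Bare lower-cased address from a header value ('' if the header is absent)."""
    return parseaddr(header or "")[1].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw, company_domain=COMPANY_DOMAIN, max_distance=2):
    """Return the tags a mail rule would attach to one raw message."""
    msg = message_from_string(raw)
    sender, reply_to = address_of(msg["From"]), address_of(msg["Reply-To"])
    domain = sender.rpartition("@")[2]
    # Colour-coding tag. From is forgeable, so "internal" is only trustworthy
    # once the gateway has authenticated the message.
    tags = ["internal" if domain == company_domain else "external"]
    if 0 < edit_distance(domain, company_domain) <= max_distance:
        tags.append("lookalike-domain")
    if reply_to and reply_to != sender:
        tags.append("reply-to-mismatch")
    return tags

# Constructed sample messages (not taken from any real incident).
SAMPLES = {
    "internal": "From: CFO <cfo@example-hospital.test>\nSubject: Roster\n\nHi",
    "lookalike": "From: CFO <cfo@examp1e-hospital.test>\nSubject: Urgent transfer\n\nHi",
    "reply_swap": ("From: CFO <cfo@example-hospital.test>\n"
                   "Reply-To: cfo.office@mailbox.example\nSubject: Invoice\n\nHi"),
    "supplier": "From: billing@supplier.example\nSubject: Statement\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11s} {assess(raw)}")
```

The `reply_swap` sample is tagged internal and still flagged, which is why the reply-to rule is worth running on mail that appears to come from inside the organisation.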
Tools exist to help you assess how vulnerable your company is to phishing and malware and where improvements should be made.