Phishing, emails baiting recipients to click a link allowing for corruption of data, virus intrusion, or ransomware, is the most used method of cyber attacks today. It comes in all different forms: emails masked as a purchase receipt from an online retailer like Amazon, a bill from a vendor, etc.
The most recent epidemic has been labeled as "Social Engineering Fraud" which is fraud that occurs when an employee is intentionally misled into sending money or diverting a payment based on fraudulent information that is provided to them in written or verbal communication such as an email, fax, letter or even a phone call.
Over 100,000 people are affected by social engineering attacks each day with 43% of attacks focusing on small business according to Symantec Internet Security Threat Report and Hillard Heintze The Front Line Report.
We have seen two scenarios in the past few weeks where an employee of a company received an email appearing to be from the President, CEO or CFO requesting a wire transfer. Only after closer investigation and verbal communication were the emails determined to be fraudulent. Our agency has even been victims of this form of Cyberattack.
Awareness by your staff of these types of threats is critical to cybersecurity and may be your best line of defense. No employee should click email links without being certain of their validity. The best risk management protection for Social Engineering Fraud is in-person or verbal confirmation of any money transfer request, no matter the amount.