Cyber security is more important now than ever before, and unfortunately, fraudsters continue to creatively find ways to cheat companies out of money. As a result, employees at every level must constantly be on high alert.
One vehicle for fraud that should be at the forefront of everyone’s mind is email. Email is an essential form of communication in the business world, and bad actors continue to exploit this. One craftily worded email could be the first step to a business losing tens (or hundreds) of thousands of dollars.
What do these email scams look like?
While there are obvious examples of email scams, like an unknown sender telling you to click the link below to claim your prize, some are more subtle, and they often appear to come from someone you know.
For example, you may receive an “urgent” email from your boss’ email address that instructs you to wire out a large amount of the company’s money to a specific account. If you send the wire without first doing your due diligence, you might find out the next day that 1) your boss’ email account was hacked, and 2) your likelihood of recovering that money is minimal.
Or maybe you get an email from a vendor saying that they have changed the way they take payments. There might be a link to their new payment portal or they may provide you with updated account information for future electronic payments. This is a vendor you communicate with all the time, so why would this time be any different? You go ahead and start sending payments per the instructions provided, just to find out weeks later that you’ve been sending your payments to a fraudster who hacked that vendor’s email account.
Questions to ask
Whenever you receive an email regarding any type of financial transaction, ask yourself these questions:
- Who is the sender? Can you verify that the email came from him or her, and is it someone from whom you would expect to receive emails on this subject?
- Is the style of writing consistent with the sender’s style of writing? Does anything appear unusual about the tone, spelling, or urgency of the email?
- Is the request out of the ordinary?
- Have other co-workers received a similar email?
Verification is just one call away
One practical way to protect your company is to implement a company policy that requires a call-back verification for certain types of payment-related functions. For example, if Melissa in Purchasing emails payment information to Accounts Payable, someone from Accounts Payable should call Melissa to confirm the authenticity of her email. And if you’re communicating with a vendor, make sure you use a phone number that you know—with 100% certainty—belongs to the vendor. Don’t rely on the phone number that was included in the email.
In today’s electronic, fast-paced world, it can be tempting to overlook red flags. But by reviewing internal procedures and educating our teams, we can mitigate our risk from these kinds of targeted email schemes.
About the Author:
Blake Dotson is a treasury management specialist at Central National Bank. When he isn’t writing blog articles or fixing check scanners, he enjoys spending time with his wife and two children, and he loves ALL things Baylor sports.