Fraudsters are attempting to scam businesses by impersonating members of upper management, suppliers, partners or even members of the IT support team by email, phone or text. These scams can be financial, where the cybercriminal requests urgent payments, or to gain access to secure business networks and data.
All businesses need to ensure that employees are well aware of these attacks and mitigate for them in the following ways:
- Consider implementing additional payment verification processes
- Advise staff to phone the requesting party directly using a verified phone number
- Similarly, employees should check email addresses against company records for an exact match
- Staff should only use authorised channels to exchange sensitive business information
- Home-workers need to use a VPN to access business networks and follow all company security protocols
- Everyone should be vigilant for any payment requests that are unexpected or irregular
In addition, employees need to be aware of phishing attacks that target them personally. Cyber criminals are sending phishing emails posing as organizations such as banks, Government, the World Health Organization or other health service providers, and pretending to offer a safe haven for money or medical guidance. Their goal is to trick people into sharing personal, professional or financial information.