This week sees the gradual return to the office with the easing of restrictions, and while many companies will adopt fully remote or hybrid working, many more look forward to having their teams back in the office. Cybercriminals tend to take advantage of any situational changes and we are already seeing an uplift in scams.
As we become more cyber-aware, cybercriminals are becoming more innovative, and one area of particular concern is the reported incidents of criminals infiltrating legitimate email addresses, email threads and mobile SMS messages. The latter I witnessed only last week when my wife received a text message purporting to be from her bank to warn her that they had noted suspicious activity in her account. The message was in a thread of legitimate messages she’d received over time from her bank, but thankfully she had the security awareness to pause and not immediately take the action demanded in the message. In this case, the poor grammar and use of American English by the Irish bank threw up a red flag, but it would have been very easy to have been caught out by this.
A similar type of fraud, whereby scammers infiltrate a legitimate email address or thread, has been around for a couple of years but appears to be on the rise. Often referred to as Salary Mandate Fraud, this type of fraud targets individuals in your company’s HR, payroll or finance department with the intention of transferring your employee’s salary into a fraudulent mule account.
There are times when people change bank accounts, but given the volume of recurring payments and direct debits set up on any given account, it isn’t all that common, and so you should treat any request of this nature via email or text message as suspicious. Such a request can easily be verified with the employee through direct contact.
Below is a mock-up of a typical fraudulent email courtesy of The Bank of Ireland, ThinkBusiness.ie
What should you do?
What we can do to help
We can assist you in building a culture of Cyber Awareness at your organisation. We are currently offering a Free Human Risk report and a free 14-day trial of our Human Risk Management service that includes Cyber Awareness Training, simulated phishing campaigns and email breach analysis. To learn more, please visit our website or just email firstname.lastname@example.org and we’ll get right back to you.