Companies under attack from cybercriminals
The email from the “boss” to the employee in the book-keeping department is headed “strictly confidential”. Referring to an upcoming takeover, it instructs them to transfer a five-figure amount to a given bank account. The unsuspecting employee follows the instructions and the financial damage is done.
That’s how quickly it can happen. Companies are increasingly finding themselves in the sights of cybercriminals. Such criminals adopt different strategies, but before they target an individual employee, they spy on the company through all possible web-based channels. Then they cleverly trick the employee into either unwittingly divulging confidential company information or making payments to designated bank accounts. These new scams are called “CEO”, “fake president” or “mandate” fraud.
As with most online fraud, the best safeguards in such cases are firewalls and common sense. Secure your systems: install firewalls, anti-virus software and updates, and change log-in passwords, including those for your telephone system and for all systems connected to the internet. Urge your employees to be vigilant: ask them to use their common sense if they see anything unusual. Besides increased vigilance, an open corporate culture protects your company best. Allow employees to query unusual transactions up to management level.
These other tips can help you protect your company as well:
- Check risk-prone processes such as entering and authorising payments or changing master data, for example bank account details or mailing addresses.
- Encourage careful social media management among your employees. They shouldn’t casually accept contact requests from people they don’t know, and they need to check whether information they post on social networks could be used against them.
- Ask your employees to be particularly cautious when handling emails: do the sender and the email address go together? Is the content of the email generally plausible? Do the links and images in the email fit the sender?
- Grant user rights only to the extent that employees need them to perform their tasks. When it comes to authorisation rights, adopt a “four eyes” approach. Avoid giving employees any individual power of attorney if possible.
If you heed these tips and regularly sensitise your employees to cybercrime, you will greatly reduce the risk of a successful fraud attack. Should you nevertheless find that you have been the victim of cybercrime, contact your bank immediately. The Association of German Banks’ new booklet “Companies under attack: cybercrime”, compiling a host of useful information and tips, can be downloaded or ordered free of charge.