(R Mueller - FBI Director, 2012).
We urge our clients and those engaging in online business to be extra vigilant as online criminals are becoming more and more sophisticated in finding ways to access businesses online banking and business sensitive information.
Those who regularly receive invoices from a number of sources are at particular risk. Through the sending of fake invoices (a process known in the cyber industry as spear phishing) from what can appear to be a legitimate supplier the fraudsters trick you or your employees into opening the invoice which can have a detrimental impact on your business and your whole supply chain.
- Be wary of any unexpected / unusual requests from suppliers.
- Check basic company information / logo on the invoice.
- Cross reference the supplier on the fraudulent invoice with your CRM (Customer Relationship Management) software and Accounts Software (eg. SAGE / Xero) for legitimacy– However this is not a failsafe as the fraudsters may have sent it from one of your supplier’s accounts.
- Check the invoice has come from the regular point of contact at the supplier.
- The invoice will ask you to enable a macro – don’t! By enabling the macro you are essentially opening the flood gates and your whole network could get infected.
- Call the supplier to check if they are aware of the situation and if they have been given any advice.
- Ensure you have a firewall in place to detect any malware and prevent data being stolen.
- Inform your employees and customers to be wary of the potential threats.