Fake Invoice Attacks: How To Detect (And Defeat) Them
An international cyber-attack sends victims a bogus invoice that appears authentic enough to dupe most employees. It's an old fraud that used to involve invoices being faxed or sent in, but it's now digital and on the rise.
It's like an email warning you that your domain is about to expire, only it's not from your server and your domain isn't about to expire. These new attacks are more sophisticated in that they often come in the name of contractors or suppliers you actually use. The messages may contain incorrect spelling and grammar, yet carry logos and refer to actual work or invoice numbers. The sender name might be a regular business contact or even a coworker, since fraudsters can "spoof" actual accounts and real individuals. While it's concerning that they know enough about your company to pull off such a convincing deception,
Redirect of Payment
The invoice asks for payment to be sent to a specific account, with a courteous note about the new details, or includes a payment link directly to the new account. By paying the invoice, your accounts payable employee unknowingly sends company funds abroad. The issue is generally found when the true supplier's invoice arrives or when an audit flags the transaction. Even if you catch it quickly, the transnational nature of the crime makes it difficult to recover the money.
The Malware Click: Instead of stealing money immediately, this attack asks your employee to download an invoice. The email may even look like one from QuickBooks or Xero, making the click appear safe. As soon as your employee clicks the link, ransomware or other malware that can lead to a data breach is downloaded. In most cases, an up-to-date anti-virus will stop the attack at that point, but not always. Malware can quickly get into your computer and stay there until it's noticed or activated.
Keeping Safe
Awareness is the key to avoiding attacks that affect your business. Keep your anti-virus and spam filters updated to reduce the chance of these emails getting through. Then consider setting up simple payment procedures. Checking bills against work orders, designating a single administrator to restrict account access, or even two-factor authorization for payments are all options. Preventative habits like hovering over links before clicking and checking that they look right can also help. This applies to emails from contractors and suppliers too.
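As an added illustration (not from the original article), the check of bills against work orders can be automated so that a payment redirect or an unfamiliar sender puts the invoice on hold. The vendor records, work orders, account strings and the `review_invoice` helper are all constructed for this example.

```python
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed sample records: vendor master data and open work orders.
# The account strings are placeholders, not real bank details.
VENDORS = {"acme-plumbing": {"domain": "acmeplumbing.example",
                             "account": "XX00TEST0001"}}
WORK_ORDERS = {"WO-1042": {"vendor": "acme-plumbing", "amount": 1850.00}}

@dataclass
class Invoice:
    vendor_id: str
    work_order: str
    amount: float
    account: str      # account the invoice asks to be paid into
    from_header: str  # raw From: header of the email carrying the invoice

def review_invoice(inv: Invoice) -> list[str]:
    """Return reasons to hold payment; an empty list means no flag was raised."""
    vendor = VENDORS.get(inv.vendor_id)
    if vendor is None:
        return ["unknown vendor"]
    flags = []
    order = WORK_ORDERS.get(inv.work_order)
    if order is None or order["vendor"] != inv.vendor_id:
        flags.append("no matching work order")
    elif abs(order["amount"] - inv.amount) > 0.005:
        flags.append("amount differs from work order")
    # Payment redirect: requested account differs from the one on file.
    if inv.account.replace(" ", "").upper() != vendor["account"]:
        flags.append("bank details changed: confirm by phone using the number on file")
    # Familiar display name over an unfamiliar address. A forged From: header
    # with the exact vendor domain passes this check, so the account comparison
    # above remains the main control.
    _, addr = parseaddr(inv.from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain != vendor["domain"]:
        flags.append(f"sender domain {domain or '(none)'} is not the vendor's")
    return flags

# Constructed invoices: one genuine, one redirecting payment to a new account.
GENUINE = Invoice("acme-plumbing", "WO-1042", 1850.00, "XX00 TEST 0001",
                  "Acme Plumbing <billing@acmeplumbing.example>")
REDIRECT = Invoice("acme-plumbing", "WO-1042", 1850.00, "XX00TEST9999",
                   "Acme Plumbing <billing@acmeplumbing-payments.example>")

if __name__ == "__main__":
    for name, inv in (("genuine", GENUINE), ("redirect", REDIRECT)):
        print(name, review_invoice(inv) or "ok to pay")
```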
Conclusion
So, if you need help finding the best MSP for your business, give me a call. Also, if you need ITSM processes and policies for MSP management, check out the ITSM Rhino.