By Ryan Emerick, Client Experience Manager, Kite Technology Group
Within all types of businesses, payment frauds pose a serious risk to your bottom line. Attacks related to wire transfer or email and invoice phishing are on the rise as hackers look for an easy method to get payment from unsuspecting victims. In addition to mistaken payment to these cyber-criminals, fake invoices are the #1 disguise for distributing malware programs involved in ransomware and other system compromises. Here at KiteTech, we have seen a measurable increase in the number of fake payment requests sent out by scammers. In the age of working from home for a larger number of users, ensuring payment reaches only legitimate vendors is an area of critical importance to organizations of all sizes. Here are some ways to help recognize this type of fraud and stop it before it occurs.
1. Is the Source Legitimate?
Be suspicious if you are asked to pay or update information. Phishing emails with invoice or payment information requests may look like they’re from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. The logo and headers are often copped from a real vendor but this can be spoofed so that it actually redirects to a malicious location looking to steal your data and payment.
2. Are You Expecting a Bill?
Fake invoice scams take advantage of the fact that the person paying the bill may not know whether any product or service has actually been purchased. Instead of confirming with the vendor directly or a knowledgeable coworker, recipients either quickly make decisions about requested payments and often go ahead with payment to a false vendor. If you are not expecting a bill or are unsure of the reason for payment, it is always better to get confirmation and full knowledge of the origination instead of making an assumption and approving a transfer.
3. Is it Accurate?
Often wire fraud and invoice fakes use an address very similar to a legitimate resource with a few letters or numbers switched in their website or information. Carefully review the URL and domain of any digital payment to check for discrepancies. In addition, payment based scams often fail to clearly state what the bill is for. If unsure of the validity, it is always best to call the company in question directly in order to ensure that the invoice originated with a real organization and not a criminal.
4. What Payment Method is Being Requested?
It is important to not provide ACH / Wire transfer information in any case where a request is suspect. The FBI reports that over $3.5 billion in losses occurred in 2019 alone related to phishing and cyber-crime payments. If the sender claims that there has been a change in the payment method, check how previous invoices were issued. Were they by regular mail, email, or another method? Were previous payments done via credit card, but now they want you to make a bank transfer? While credit card fraud is also very serious and users should take care with providing this information, a bank transfer is much more difficult to trace and recover lost payment from. Criminals are getting more sophisticated in their methods and the ways that they request payment fraudulently. Wire Transfer fraud is estimated to be the fastest-growing form of cybercrime in the U.S. with a 480% uptick in reported complaints between 2017 and 2016 alone. The best way to prevent losses is to call and verbally approve all Wire and Bank transfer charges with the authorized parties inside of your organization and within the vendor requesting payment. Taking the time to diligently verify payment requests as they are made is well worth the time investment to protect your business.
With wire and payment fraud being on the rise, it's more important than ever to make it a priority to educate your employees so that they will be able to recognize and avoid these and other types of attacks. Implementing a company-wide Security Awareness Program that trains and tests your employees' ability to recognize cyber-attacks is strongly recommended. Contact us today, to learn how Kite Technology can help you implement an effective Security Awareness Program in your organization.