BBB: What should you do if your organization has lost money to a BEC fraud?

 

According to the Better Business Bureau study of Business Email Compromise Scams:

  1. If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop the payment and report it to the FBI in the U.S. or the Canadian Anti-Fraud Centre in Canada. If a report is filed within 48 hours, there is a chance the money can be recovered.

  2. Complain to the FBI’s Internet Crime Complaint Center (IC3). IC3 also asks people to report unsuccessful BEC attempts. Information from attempts may help establish patterns or identify mule bank accounts.

  3. Complain to the Canadian Anti-Fraud Centre: 1-888-495-8501.

  4. Report fraud to BBB Scam Tracker.

We are recommending two more:

  1. If the threat impersonated the IRS, report it to phishing@irs.gov.

  2. Vendor Maintenance Training to protect against fraudulent payments:

New Scam Alert: Don't Fall For Phishing Scam for Amazon Overdue Bills


The scam email claims to be from Amazon Web Services and uses a realistic logo and font to inform users their "services have been suspended." The overdue amount is a middling $4.95, and clicking the link to take care of it transports you to a landing page with space to enter your Amazon account information. Once entered, you're kicked to the real Amazon.com.

By then, hackers already have your Amazon username and password.

Komando has the full story here.

6 Phishing Attacks and How to Combat Them

  1. Deceptive Phishing

  2. Spear Phishing

  3. CEO Fraud

  4. Vishing

  5. Smishing

  6. Pharming

Have you heard of them all? Do you and your staff know how to combat them? Tripwire has the full story here.

If you work in Accounts Payable, check out my Authentication Guide to authenticate vendors when they call on the phone or send an email.

New Scam Alert: Fake Voicemail Notifications in Email as Bait


Scammers try to access Microsoft services using a fake voice message. Make your employees aware that they should not click the link, which requests a sign-in on a phishing site to steal their Microsoft credentials.

Kaspersky Daily has the story: http://bit.ly/2ojuYc9

October 2019 National Cybersecurity Awareness Month

Debra R Richardson, LLC is a National Cybersecurity Awareness Month 2019 Champion. We're committed to #BeCyberSmart – are you? #CyberAware staysafeonline.org/ncsam/champions/

Follow #StayCyberHappy during October for my Daily Tip to Protect You, Your Vendors & Your Company!


New Scam Alert: Phishing Abuse of HTTPS and 65% of BEC Scams Target Gift Cards


Security Boulevard reported that APWG released findings that in Q2 of 2019 more than half of phishing sites used HTTPS, which makes a site appear legitimate.

The findings also revealed that over 65% of BEC attacks are focused on obtaining gift cards. How do you combat this? Train your staff to spot these threat actors by their requirement to send the gift card numbers. Also, add a policy that leadership will not ask employees for gift card numbers, only to turn over the actual cards or send them by mail.

Security Boulevard has the story here.

New Scam Alert: Watch Out for Links to Sign Into Your Office 365 Account


Think you are getting a Non-Disclosure Agreement? Not. Cybercriminals are posing as venture capitalists and private equity firms. The emails have no grammatical errors, and the goal is to steal your Office 365 credentials.

Security Boulevard has the story here:

New Scam Alert: Change Your Calendar Settings to Avoid Fraud


Cybercriminals are taking advantage of calendar settings that automatically add invitations. Fraudulent links or downloads are included in the invite, and the user is more likely to open them because their guard may be down in the calendar: they assume they accepted the invite and forgot about it.

Change your calendar settings (Google, Outlook, etc.) so that invitations are not automatically accepted.

The Better Business Bureau has the story.

North Carolina county falls for BEC scam, to the tune of $1,728,083


The North Carolina county of Cabarrus, in the US, says that it’s managed to claw back only some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.

The crooks used social engineering – specifically, what’s known as a Business Email Compromise (BEC) scam – to pose as Branch and Associates, which is a general contractor that’s working on building a new school for the Cabarrus County Schools District.

The scam came to light after Branch and Associates sent a courtesy notice about a missed payment on 8 January. County staff confirmed that the electronic funds transfer (EFT) had, in fact, cleared the month before.

County officials next notified the bank to which the $2.5m was transferred, Bank of America. The bank managed to freeze $776,518.40 of the $2,504,601 that remained in traceable accounts.

Continue reading on Naked Security.



Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

How I Helped Cabarrus County After Their Social Engineering Scam. I Can Help You Too...


Great mention of my services: "Cabarrus County government targeted in social engineering scam" - Business Today http://bit.ly/2YvzSPC



BEC Scammers Turn to Aging Reports in New Twist


Don’t be tricked into giving out your AP Aging Report; these reports are gold to scammers. Read the post from Info Security here.

Add authentication techniques, internal controls and best practices to reduce the potential for fraudulent payments.

 
 

Guest Appearance: Protecting your accounts payable function from cyberattack

 

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Debra Richardson about how finance professionals should protect their company from common financial cyber fraud.