Electronic Fund Transfer Fraud & Phishing

Over the past several weeks, we have been experiencing above average claim activity as it pertains to cyber liability.  Through further evaluation of these claims, Electronic Fund Transfer (EFT) fraud and phishing scams have been the most frequent.  Organizations of all sizes need to be extra vigilant with regard to this exposure, whether the email comes from internal or external contacts.  While EFT and ACH payments have become far more normalized today than they were in the past, complacency around quality controls of this exposure can have devastating effects. The most recent claims that we have seen tend to target employees in the finance department, particularly those in accounts payable. A typical scenario in which hackers have had success in phishing and social engineering scams looks like this: An accounting employee receives a seemingly innocent email from a trusted associate or vendor of the organization. The email will likely contain familiar names, logos, etc. to the organization. However, one letter in the email address may be changed.  An example of this may be using “cl” in place of “d”, thus the appearance of a legitimate email.  The instructions in the email are designed to create a sense of urgency on behalf of the recipient, causing them to act swiftly, and often without regard for organizational protocol.    Attached is a summation of best practices to assist in mitigating the chances this will happen to your organization. Learn More

Quick Tips to Identify Fraud & Phishing

Stay one step ahead and prepare your organization for fraud & phishing. The crafty work of these hackers will be spotted if you’re diligent in following the recommendations.

1- Email Address & Who it’s From
• Do you recognize the address? Do you know the recipient? Check who it’s from very closely!
2- Any Attachments or Links?
• Are you being told to open or click? Don’t Click It! Hover over a link to see where it takes you first.
3- What’s the Direction?
• Are they asking for personal info, log-ins, or immediate demands? Don’t Rush! Call the person or email them and ask. Use the Forward, not the Reply and type the email address you know is legitimate.
4- Does it look Wrong?
• Are there spelling errors? Look Closely! A lower case d or cl is very deceiving in a URL or words.


Call ISA today with all your questions, we are here to help