What would you do if a significant sum of money magically disappeared from your account due to a “miscommunication” between accounting and someone pretending to be you? Wire transfers have made it extraordinarily easy for scam artists to make large transactions, which are augmented by the ability to impersonate authority figures within the office; the c-suite staff, also known as management.
This type of CEO fraud is known as a “whaling” scheme. In a sense, it’s like a phishing scheme, but on a much larger scale. When it comes to whaling, rather than faking the identity of your IT department or another employee, the hacker goes for the motherload: you, the business owner, or another member of your management staff. This plays to the employee’s willingness to comply with your requests and makes it more likely that they’ll perform unreasonable tasks, like sending “you” a large wire transfer.
Wire transfers in particular are proving to be a powerful tool for hackers to exploit. ITProPortal reports: “Individuals create bogus messages seemingly from a senior leader, for example, the CEO, which asks employees to wire funds across to them. The messages ultimately trick employees into transferring large amounts of cash electronically.” The average value of a wire transfer is $67,000, and according to the FBI, CEO fraud has cost businesses over $3 billion over the past three years alone.
One of the biggest problems with wire transfers is that they are difficult, and often impossible, to challenge. Therefore, your best chance of recovering from a whaling scheme is to avoid getting scammed in the first place, unfortunately. Due to the fact that wire transfers are too fast and finite, you’ll want to ensure that your business has practices in place to handle this influx of CEO fraud. A good place to start would be to address how your business handles unsolicited requests for payments or credentials via email, telephone, or otherwise. Here are a few tips and tricks to consider for your business.
- Implement hands-on phishing scam training: If you want someone to learn something, it’s best to have them go through the process themselves. This type of hands-on education works well against phishing scams. Engineer a system that roots out those who have subpar reactions to phishing scams, and help them learn how to improve their ability to react to threats.
- Always check in person before sending credentials, or anything else: Emails that request suspicious or sensitive information need to be cross-referenced, either in-person or by checking the email addresses that you have on record. Although, even this might not work at all times, as hackers can potentially spoof email addresses to make their messages appear legitimate. Basically, it’s better to just ask whoever supposedly sent the message before responding rashly to a request.
- Educate employees on best practices: We return to the hands-on phishing scam training to emphasize the importance of best practices. Make sure that your team understands how to respond to threats, and regularly quiz them to ensure that they’re not going to inadvertently sink your business or cause data loss.
To learn more about whaling schemes or CEO fraud, reach out to us at (469) 7-ASPIRE.