
“Deep Sea” Phishing

May 20, 2018 | CMF Blog

Several of our middle-market clients have suffered six-figure losses as victims of “clone phishing”. The typical hacker works by:

  1. Monitoring the email account of someone with decision-making power (e.g., the CEO or a high-level finance executive) within an organization
  2. Identifying a vendor that emails large invoices to that individual for payment
  3. Intercepting an invoice, changing the amount and redirecting the ACH payment information to a malicious bank account, and repeatedly contacting accounts payable and others within the organization to get the fraudulent invoice paid ASAP

Don’t take the bait! Here are a few tips on preventing and detecting the rogue fishermen:

  • See something, say something
  • Click on the name of the sender to confirm the email originates from the vendor on the invoice
  • Establish a callback procedure to verify any changes in ACH or wire information for customers and vendors
  • Institute double verification for amounts over a specified limit
  • Strengthen IT security
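
The sender check, callback rule and double-verification limit from the tips above can also be enforced in an accounts-payable workflow. The sketch below is an added example, not code from the original post; the vendor record, threshold, flag names and sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master record (hypothetical vendor and values).
VENDOR = {"name": "Acme Supply", "domain": "acmesupply.example",
          "ach_account": "000111222"}
DOUBLE_VERIFY_LIMIT = 25_000  # assumed threshold; set per company policy

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def addr_domain(header_value):
    """Lower-cased domain of an address header, ignoring the display name."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def review_invoice(raw_email, ach_account, amount, vendor=VENDOR):
    """Return the controls an emailed invoice triggers before it may be paid."""
    msg = message_from_string(raw_email)
    flags = []
    sender = addr_domain(msg["From"])
    if sender != vendor["domain"]:
        kind = "lookalike" if edit_distance(sender, vendor["domain"]) <= 2 else "unknown"
        flags.append(f"sender-domain-{kind}")
    reply_to = addr_domain(msg["Reply-To"])
    if reply_to and reply_to != vendor["domain"]:
        flags.append("reply-to-mismatch")
    # Bank details that differ from the record on file always need a callback.
    if ach_account != vendor["ach_account"]:
        flags.append("ach-changed-callback-required")
    if amount > DOUBLE_VERIFY_LIMIT:
        flags.append("double-verification-required")
    return flags

# Constructed sample: the display name matches the vendor, the address does not.
SAMPLE = ("From: Acme Supply <billing@acmesuppIy.example>\n"
          "Reply-To: ar@payments-desk.example\n"
          "Subject: Invoice 1042 - updated bank details\n\nPlease pay ASAP.\n")

if __name__ == "__main__":
    print(review_invoice(SAMPLE, ach_account="999888777", amount=48_500))
```

A message sent from a mailbox the attacker actually controls passes the sender-domain check, which is why the ACH-change flag fires regardless of who the sender appears to be.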