The latest industry news, articles and events
Business mandate fraud occurs when someone purporting to be from a genuine supplier that regular payments are made to contacts an organisation with a request to change a direct debit, standing order or bank transfer mandate. If the organisation accepts the fraudulent request, the payments are then diverted into the criminal’s bank account. The genuine supplier details are usually obtained from a range of sources including fraudulent staff, publicly available contracts, online logs of supplier contracts or the Dark Web.
With the majority of employees now working from home for the foreseeable future all precautions must be taken to secure networks, finances and data. Cybercriminals will attempt to exploit the current change in employee circumstances with phishing emails. Some will be obvious frauds, but some will not. Many fraudulent emails are crafted with an urgent tone, designed to shock an employee into complying with their seemingly legitimate demands. This is especially effective if it has been ‘sent by’ a senior manager or director and is referred to as CEO Fraud.
This type of fraudulent activity affects organisations across all business sectors and with the current COVID-19 pandemic there has been an increase in multiple forms of phishing attempts under the guise of informative health information. These include tax refunds and ‘cures’, all of which are tempting clickable links to unassuming individuals.
Here are some fraudulent methods used to look out for:
The National Cyber Security Centre (NCSC) has issued a similar warning about coronavirus-themed phishing attacks. Employees and organisations can implement certain procedures to help maintain productivity without increasing cybersecurity risks.
Secure Remote Working Tips:
With the increase in phishing attempts, have your user credentials and passwords fallen victim to business mandate fraud? Perhaps now is a good time to find out what credentials may have been exposed and ensure all employees who are working remotely have up to date secure passwords that have not been leaked.
CYFOR’s Dark Web Monitoring solution detects compromised business credentials in real-time, notifying our experts immediately if your credentials have been compromised. This is before they can be exploited for fraud, identity theft, data breaches, or other criminal activities. Frequent scans and monitoring combined with other cyber security services such as Vulnerability Assessments can vastly improve the security posture of your organisation.
In the unfortunate event that your organisation falls foul of a phishing attempt or ransomware attack, CYFOR’s Cyber Incident Response team are on hand to assist you immediately. Our cyber security consultants combine digital forensic investigative and remediation expertise with leading technology to mitigate critical situations. The majority of our remediation expertise can be applied remotely ensuring your organisation gets back to operational effectiveness, quickly and efficiently.
London: 0207 438 2045
Manchester: 0161 797 8123