Kentucky Corporation Nearly Loses $40K In Phishing Scam

In a phishing scam, a local Kentucky corporation attempted to transfer $40,000 to a bank account they thought was associated with one of their executives. If you don't know, phishing is much more sinister than it sounds, because in this context you are the fish.

Phishing is a cybercrime in which targets are contacted through email, telephone, or text, by someone posing as a legitimate institution to lure individuals into providing sensitive data (ie personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity and financial theft. - Source: www.phishing.org

An individual at the Kentucky business was emailed to wire $40,000 to a foreign account from someone acting as an executive of the business. Without questioning the legitimacy of this information, the individual went to the bank and attempted to wire the funds.

Working with the bank and Central Business Systems, Inc. (CBS), the right questions were asked and the executive was directly contacted to see if this request was factual. When discovering that this was a phishing scam, there was immediate relief from everyone involved that the money was not sent.

As stated earlier, we move quickly in today’s world. It is extremely import to slow things down and question anything that may feel out of the norm. Anytime anyone requests anything financial or sensitive, never to reply with an email. Always pick up the phone (dial the number you have on file) and question the request.

This is another reason why it is important to have a specialized security team who is looking out for you. By including us in the conversation, we know when to ask the right questions and this can save you more money than you originally expected.

Ten Tips to Protect your business from Phishing

1. Keep Informed About Phishing Techniques – New phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams.

2. Think Before You Click! – It’s fine to click on links when you’re on trusted sites. Clicking on links that appear in random emails and instant messages, however, isn’t such a smart move. Hover over links that you are unsure of before clicking on them. Do they lead where they are supposed to lead?

3. Install an Anti-Phishing Toolbar – Most popular Internet browsers can be customized with anti-phishing toolbars. Such toolbars run quick checks on the sites that you are visiting and compare them to lists of known phishing sites. If you stumble upon a malicious site, the toolbar will alert you about it.

4. Verify a Site’s Security – It’s natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn’t run into any trouble. Before submitting any information, make sure the site’s URL begins with “https” and there should be a closed lock icon near the address bar.

5. Check Your Online Accounts Regularly – If you don’t visit an online account for a while, someone could be having a field day with it. Even if you don’t technically need to, check in with each of your online accounts on a regular basis. Get into the habit of changing your passwords regularly too.

6. Keep Your Browser Up to Date – Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit.

7. Use Firewalls – High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall.

8. Be Wary of Pop-Ups – Pop-up windows often masquerade as legitimate components of a website. All too often, though, they are phishing attempts. Many popular browsers allow you to block pop-ups; you can allow them on a case-by-case basis.

9. Never Give Out Personal Information – As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call.

10. Use Antivirus Software – There are plenty of reasons to use antivirus software. Special signatures that are included with antivirus software guard against known technology workarounds and loopholes. Just be sure to keep your software up to date.