September 21, 2015

Beware the Counterfeit Email

Recently, I had a conversation with EagleBank EVP/Director of Operations Chris Brockett that resonated with me. Chris accepted my invitation to write a guest post for my blog about it.

People often ask me, “As a banker, what keeps you up at night?”  One major concern: cyber threats.  Count on cybercriminals, probably our biggest cyber threat, to always try to be one step ahead.

At EagleBank, we take the need for cybersecurity very seriously.  It demands much of our time and effort, to ensure that our systems, your information – and your dollars – are as safe as they can be.  In a future blog post, I’ll write about various programs we have in place.

But the bank, on more than one occasion, has seen a new scam that I want to make you aware of, so you can be on the lookout.  Count on the cybercriminals to be patient and cunning.  Here’s the latest:

Maybe it starts with the scammer sending someone in the company a phishing link, probably in an email.  You click on it, your computer gets infected by a virus, and from then on, the scammer can stealthily look at what goes through your computer, like other emails.  When it looks like the CEO or CFO is out of town, they send an email that looks like it came from the boss, with an urgent request to the company controller or other likely candidate to wire a large amount of money.  It sounds like a complicated concept, but in reality, it’s really not that difficult for the cybercriminals.

Then the employee dutifully reports up the chain that the wire was timely made, only to find out that there never was a legitimate request to transfer the funds. And your company is out the money.

This can even happen to consumers.  Someone buying a house may receive what looks like an email from the settlement attorney or realtor giving wiring instructions for the down payment.  Call the next day to confirm receipt, and you may find out the agent never sent the email in the first place.

The lesson here: NEVER RELY ON AN EMAIL ALONE when it comes to instructions to wire funds.  ALWAYS pick up the phone and make a direct call to the supposed sender using a known number to confirm the instructions – before you initiate the transfer.

Companies and individuals have been tricked out of literally millions of dollars by such scams.  The bank did everything right, but you are out the funds.  Don’t let that happen.  Be cyber wise.  Be suspicious.  Be careful.

–Chris Brockett