Fake Invoice Email Scams and Office 365
The fake invoice scam has been hitting an unbelievable number of businesses lately, costing £000s every day.
Every other day a business is hit with this type of attack and loses money to the bad guys. There are two ways this can happen. In the first, the attacker impersonates one of your colleagues or a supplier. In the second, your colleague's or supplier's email account has been compromised. When an email account is compromised, the attacker creates a custom rule that forwards all emails from a certain sender to an address outside the organisation, so that the recipient never sees them. In both cases, the attacker requests that the funds be transferred to a different bank from the normal one. How to combat this?
First and foremost is the business process. Whenever there is a request to transfer funds to a new bank, the sender should verify the bank details by calling the recipient. This simple and effective process would save many UK businesses millions of pounds. Assuming you are using Office 365, a few technical measures that can help at the recipient's end are:
- Warn users about external emails
- Create alerts when forwarding rules are created
- Enforce 2-factor authentication
- Enable Anti-spoofing
- Educate your employees
These measures may sound rudimentary, but a surprisingly large number of businesses don't have them in place and have been victims of this scam.
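As an added illustration of the forwarding-rule alert (not code from the original article or from Microsoft), the Python below reviews exported mailbox audit records and flags inbox rules that forward or redirect mail outside the organisation, rating them higher when the rule also deletes or moves the message so the recipient never sees it. The record layout (`Operation`, `UserId`, `Parameters` as Name/Value pairs), the domain names and the sample records are assumptions constructed for the example; check the field names against your own audit export.

```python
import json

# Assumptions: your own mail domains, and the audit field/parameter names used below.
INTERNAL_DOMAINS = {"example.co.uk"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
HIDE_PARAMS = {"DeleteMessage", "MoveToFolder"}

def external_recipients(value):
    """Addresses in a ';'-separated parameter value that fall outside INTERNAL_DOMAINS."""
    addrs = [p.strip().strip("<>\"'").lower().removeprefix("smtp:") for p in value.split(";")]
    return [a for a in addrs if "@" in a and a.rsplit("@", 1)[1] not in INTERNAL_DOMAINS]

def review_record(record):
    """Return an alert dict for a suspicious inbox-rule audit record, or None."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return None
    params = {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}
    external = [a for n in FORWARD_PARAMS for a in external_recipients(params.get(n, ""))]
    if not external:
        return None
    # A rule that also deletes or moves the message hides it from the mailbox owner.
    hides = any(params.get(n, "").lower() not in ("", "false") for n in HIDE_PARAMS)
    return {"user": record.get("UserId"), "forwards_to": sorted(external),
            "sender_filter": params.get("From") or None,
            "severity": "high" if hides else "medium"}

def scan(lines):
    """Parse one JSON audit record per line and return the alerts raised, in order."""
    results = [review_record(json.loads(line)) for line in lines if line.strip()]
    return [alert for alert in results if alert]

def _rec(op, user, **params):
    """Build one constructed audit record as a JSON line (sample data only)."""
    return json.dumps({"Operation": op, "UserId": user,
                       "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]})

# Constructed sample records, not real log data.
SAMPLE_LOG = [
    _rec("New-InboxRule", "accounts@example.co.uk", From="billing@supplier.example",
         ForwardTo="smtp:collector@mailbox.example", DeleteMessage="True"),
    _rec("New-InboxRule", "pa@example.co.uk", ForwardTo="director@example.co.uk"),
    _rec("Set-InboxRule", "sales@example.co.uk", RedirectTo="me@personal.example"),
    _rec("MailItemsAccessed", "sales@example.co.uk"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The first sample record matches the pattern described above: mail from one sender is forwarded externally and deleted, so it is rated high; the internal forward and the unrelated operation raise nothing.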
It is also a really good idea to consider going through the Cyber Essentials certification, which will ensure you have basic security controls in place before this happens to you.
We don't want this happening to your business. If you need any further help please reach out.