If you have ‘wire transfer’ authority, this alert is for you.

We have seen a significant increase in spoofed emails (emails with forged “from:” addresses) asking employees in position of fiscal responsibility to do wire transfers to fraudsters. These attacks are not a typical bulk email attack or even a common phishing attack, where a user is enticed to disclose sensitive information by clicking on a web link. Rather, these are networks of fraudsters writing customized emails – even including email signatures — which appear to come from an executive in upper management and are targeted to specific individuals who have access to bank accounts. The emails assertively ask the recipient to transfer money, or relay instructions on how to do so, often via wire transfer.

We urge all businesses to be extra vigilant about this threat and to specifically educate those with access to financial accounts to require extra authentication for money transfer requests — more than an emailed request. More information can be found on this article: https://krebsonsecurity.com/2015/03/spoofing-the-boss-turns-thieves-a-tidy-profit/

You may contact Michael Senkbeil (262-522-8248) if you would like to discuss any information security concerns at your business.

Written by Michael Senkbeil, MCSE, GCFA, CISSP, CISA | Partner
Posted in News