There have been recent scams targeting Australian businesses. The criminals research the employees of various companies (using LinkedIn or company website data to build a list of staff), then contact the accounting staff while impersonating management/directors and request that money be transferred to bank accounts.
Users have to be very vigilant, most importantly the users who manage finances, as these are the ones being targeted. Please pass this email around to all staff members and, most importantly, inform your accountants. We have seen a few incidents, and all of them involved company finance users being asked to make a bank transfer.
Chill IT strongly advises always confirming unusual transaction requests with a follow-up call to management/directors to validate the request.
Please ensure that your passwords are strong. It is highly recommended that you do not use dictionary words or sequential numbers for your email/Microsoft accounts.
We are seeing three different types of cases:
Case 1: A domain is registered that is very similar to your own.
A recent example: a scammer registered a domain with an I instead of an L.
www.allphones.com VS www.alIphones.com
The second domain has a capital “I” instead of a lowercase “l”, and on a cursory glance the difference was not picked up. A fake email was sent from the “CEO” to accounts requesting a transfer. The accounts department was suspicious and checked with us, and we were able to identify it as a fake domain (rather than the real CEO’s account having been hacked).
Case 2: People can try to imitate (spoof) your email address.
People can construct and send an email so that it looks like it comes from firstname.lastname@example.org.
More sophisticated mail systems will check whether it was sent from an authorised “@whitehouse.gov” server and, if not, will not accept the email.
Case 3: The scammer can modify the from address. At first it may look authentic, e.g. John Smith <email@example.com>, but when you click reply, the recipient address can change to John Smith <firstname.lastname@example.org>. Be very careful to ensure the reply address is the correct address.
How Chill IT can help!
We can implement an additional protection for Case 2, but cannot do anything about Case 1 or Case 3, as those use real, registered domains/email addresses.
This additional protection means that emails sent from your domain are only accepted if the sending server is listed as an authorised email server for that domain. This reduces the risk of receiving an email from your CEO’s spoofed address instructing you to make various payments.
If you want this additional security feature implemented, we will need to know whether you use a third-party email solution, e.g. MailChimp, because we need to list MailChimp as an authorised server for sending emails from your domain.
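As an added example (not Chill IT's tooling), the Python script below flags all three cases described above on a parsed message: a look-alike sender domain (Case 1), mail claiming your domain but arriving from a server you have not authorised (Case 2, the check the additional protection enforces), and a Reply-To that differs from the displayed From (Case 3). The domains, addresses and IP addresses in it are constructed; in practice the connecting IP would be read from the outermost Received header and the authorised list from the domain's published sender records.

```python
from email import message_from_string
from email.utils import parseaddr

# Case 1: characters commonly substituted for look-alikes. Domains are
# case-insensitive, so "alIphones" lower-cases to "aliphones" and the map
# then folds "i" to "l", matching the genuine "allphones".
HOMOGLYPHS = str.maketrans({"i": "l", "1": "l", "0": "o"})

def fold(domain: str) -> str:
    """Normalise a domain so visually similar spellings compare equal."""
    return domain.lower().translate(HOMOGLYPHS)

def check_message(raw: str, own_domain: str, authorised_ips: set, sending_ip: str) -> list:
    """Return findings for the three cases; an empty list means nothing suspicious.
    sending_ip is the address the receiving server saw the connection from."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    from_domain = from_addr.rpartition("@")[2]
    own_domain = own_domain.lower()
    findings = []

    # Case 1: a registered look-alike domain, e.g. capital I for lowercase l.
    if from_domain != own_domain and fold(from_domain) == fold(own_domain):
        findings.append(f"case1: {from_domain!r} resembles {own_domain!r}")

    # Case 2: From claims our domain but the connecting server is not one we
    # authorised; this is the check the "additional protection" enforces.
    if from_domain == own_domain and sending_ip not in authorised_ips:
        findings.append(f"case2: {own_domain} mail from unauthorised server {sending_ip}")

    # Case 3: the reply would go somewhere other than the displayed sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != from_addr:
        findings.append(f"case3: Reply-To {reply_to!r} differs from From {from_addr!r}")
    return findings

# Constructed samples (not real messages). 198.51.100.25 is the assumed
# authorised outbound server; 203.0.113.9 is an assumed foreign host.
OWN = "allphones.com"
AUTHORISED = {"198.51.100.25"}
LOOKALIKE = "From: CEO <ceo@alIphones.com>\nSubject: Urgent transfer\n\nPay today.\n"
SPOOFED = ("From: CEO <ceo@allphones.com>\nReply-To: ceo@example.net\n"
           "Subject: Urgent transfer\n\nPay today.\n")
GENUINE = "From: CEO <ceo@allphones.com>\nSubject: Lunch\n\nSee you at 12.\n"

if __name__ == "__main__":
    for name, raw, ip in [("lookalike", LOOKALIKE, "203.0.113.9"),
                          ("spoofed", SPOOFED, "203.0.113.9"),
                          ("genuine", GENUINE, "198.51.100.25")]:
        print(name, check_message(raw, OWN, AUTHORISED, ip))
```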