Tim Archer, Head of Communications
I received an email recently from a CEO who I do a lot of work for. The subject title was “Emergency”. With a clear tone of urgency he said he had a serious issue on his hands and wanted me to “drop everything” and help.
Given this is exactly what I do as a corporate communications consultant, he had my full attention as I went into crisis mode.
At least until I read the second line of the email, where he asked me to supply my WhatsApp number so he could brief me.
For the briefest of moments, I had fallen for a scam.
Hovering over the sender address revealed the email had not come from the CEO. It was from “email@example.com”, no doubt a random hacker sitting in their dressing gown in some far-flung corner of the world.
We have all received these emails.
People who work in finance or accounts are targeted particularly heavily with urgent requests from “their boss” to transfer money or pay a bill.
So-called Business Email Compromise is rampant because it works.
More than 3,300 incidents were reported to the Australian Cyber Security Centre in the last 12 months, nearly half of which involved financial loss. In total, $79 million was scammed out of the pockets of Australians last year.
In New Zealand, $1 million is lost to cyber crime every month, the majority of which is phishing, credential harvesting, scams and fraud.
The good news is the Australian Federal Police, working with their local and international partners, were able to claw back $8.45m before it landed in the thieves’ accounts.
In one case last year, an Australian business was sent two seemingly legitimate invoices that included altered account details for a bank in Singapore. They paid the invoices, worth $500,000 and $2.1 million, before they realised they had been scammed.
However, because they reported the fraud immediately, police were able to contact Interpol and Singaporean authorities, who put a hold on the $2.1m second payment. Unfortunately, it was too late to catch the $500,000 payment, which no doubt funded a major celebration by the cunning thief.
The message from police is loud and clear.
- Do your due diligence before payment.
- If you are suspicious, pick up the phone and check with your supplier.
- If you fall victim, don’t be embarrassed.
- Report it immediately to maximise the chances of recovering the money.
Human error is always the weakest link in cyber attacks. Good staff communication and education are always the best defence.
At RiskLogic, you can get industry-leading Cyber Consulting and Crisis Communications Planning to help build a culture around this very real and common threat. It’s this awareness within your organisation that can make it harder for cyber criminals to break through.