Your business information is vulnerable to social engineering. Protect it!
Social engineering is the term given to the practice of the manipulation of people with the intention of persuading them to reveal confidential information. Exploiting the natural human inclination to trust, criminals use sophisticated tactics to gain access to passwords and bank information. Social engineering takes many forms. Via email it is known as ‘Phishing’, via text message it is known as ‘Smishing’. In the UK, there are two particular varieties of the crime which are rapidly rising. The first is perpetrated via the telephone and is known as ‘Vishing’, and the second is ‘invoice fraud’.
Vishing is being used increasingly by criminals to deceive businesses into revealing company financial information or to encourage the transfer of funds into a bank account held by the criminal. Posing as a company supplier, a police officer or a member of staff from a bank or building society, the criminal will make an attempt either to obtain your company bank account details or will ask for bank payee details to be altered so that regular payments normally transferred to a genuine supplier account are instead made into a fraudulent account.
Every company or organisation is vulnerable to invoice fraud. This type of fraud occurs when a company or organisation is tricked into changing bank account payee details for regular payments. Criminals pose as regular suppliers to the company or organisation and will make a formal request for bank account details to be changed.
Criminals who specialise in invoice fraud are often aware of the full details of relationships between companies or organisations and suppliers and they know when regular payments are due. Equipped with sophisticated information, they make contact with finance teams within companies and organisations, posing convincingly as suppliers. Payments are repeatedly made to them and the fraud is often only discovered at the point when the legitimate supplier of the product or service chases for non-payment of invoice. At that point recovery of the funds from the fraudulent account is very difficult.