The year 2021 is already proving to be a complex one for business owners. There are extended closures, new laws and rules to consider, PPP round two, and last but certainly not least, extremely sophisticated hackers looking to steal your money.
This new breed of hacking duplicates your employees’ emails so closely that you have no idea you are communicating with a criminal, which allows the criminal to learn more and more about your systems and employees.
In this year alone (yes, all 18 days so far) I have heard the following reports from employers:
“They sent an email that was exactly like the CFO’s email requesting payroll information. In the normal course, I provided it.”
“An employee sent me an email with an invoice; it was that employee’s actual email address. The only thing that looked suspicious was the products on the invoice, so I sought additional approval. Thank goodness I did.”
“The employee sent a signed direct deposit form directly from our internal email system. It looked identical to our email system. I made the change. It was not our employee or their account information.”
Mistakes like these could cost employers thousands of dollars, and criminals are getting away with these crafty schemes against unsuspecting companies daily. It is no longer acceptable to just hover over the name to see if the email address looks suspicious. Companies need to talk with their IT professionals about how to combat this type of hacking. They also need to continue to educate their employees on verbally verifying certain requests before acting on them. I know it seems like picking up the phone these days is so “outdated”, but it can be a necessary tool in combating this type of theft AND it can also help to brighten someone’s day when they get to communicate with you directly.