Oct 31, 2016
Posted by Robert Creech in: May Contain Nuts
Of all evenings for this to happen, Halloween…..
The boss is supposed to be on holiday but now he’s mailing you to insist you get some urgent payments made. What to do…? The internet seems to be running slowly, the noise from the kettle boiling sounds just a little too loud and now a black cat has wandered into the office…
At last, the payment has been sent – the boss will be happy and the day has been saved.
I say “saved”, but only if that email was genuine and the payments were authentic. Your view of the room skews, you can’t seem to balance, your legs won’t move……..until you awake, panicked and confused for a moment before realising it was all a dream.
Sadly, it’s not always a dream. A couple of variations on this theme are;
1 – the perpetrator will register a domain very similar to your own, e.g. where your valid domain is “mycompany.com”, they register “myconpany.com”
An email from your email@example.com may well, at first (and second) glance, not look out of place.
2 – Another technique is where the sender simply spoofs the address so the mail appears to have come from the correct sender. At the time you reply you may then see the actual destination is different – again, easy to miss.
It’s very easy to think you wouldn’t be caught in this way. Perhaps you have procedures in place, paper copies of invoices are always required, etc. but in the heat of the moment when the ‘wrong’ mail arrives to the right person on an off day the end result could be a four figure payment which cannot be traced or recovered after the event. It happens – we have had two separate clients have similar approaches made to them in recent months and, while both circumstances ended well, there are documented cases of big corporations getting caught out for some embarrassingly large sums of money.
In keeping with our advice in other articles on our site, have a degree of scepticism with emails in general. Always try to validate an email and its content and, when it comes to fulfilling payment requests, perhaps have a two step process which requires some additional validation beyond email.
I’ll leave you to ponder the above thoughts. Sleep soundly…………
Part of the “May contain nuts” series of short articles discussing familiar topics which we should all revisit once in a while.