Online Payment Instructions: Vigilance and Security Guidelines

A recent case involving one of our clients unveiled the serious threat of online payment scams. An unsuspecting employee was instructed via an email (seemingly from their company director) to transfer £20,000. A system failure led to a phone conversation between the employee and director, revealing the truth: the director hadn't sent the email.

The director's email had been hacked, its settings manipulated to auto-delete all incoming messages. The scammer had acquired the director's login details through a disguised Dropbox file, replicated payment instructions, and sent a fraudulent one. Simultaneously, the scammer sent the same Dropbox trap to 400 contacts from the director's address book.

This close shave puts the spotlight on potential losses in online transactions, including bank/wire transfers, and gift-card requests.

Protecting Against Scams: Key Steps

1. Two-Factor Authentication: Use this crucial security measure for all vital systems, including your primary email and any platform handling financial transactions.
2. Direct Validation: Confirm any unusual or large payment requests directly with the sender, either in person or over the phone. Don't use contact details from the suspicious email.
3. Internal Procedures: Have a clear, well-documented process for all payment requests and authorizations. Treat any requests outside this procedure with suspicion.

Spotting the Scams: What to Look Out For

4. Urgent Requests: Be cautious of unexpected emails demanding immediate bank transfers or gift-card purchases, even if they appear to originate from your own organization.
5. Password Protection: Ensure your email passwords are robust, unique, and not reused across multiple accounts.
6. Unusual Emails: Examine emails for odd language or style that deviates from the sender's norm.
7. Unknown Pages: Never input your email and password on pages you haven't accessed before.
8. URL Verification: Ensure the URL matches the actual company name when clicking on a link.

And remember, if anything seems off or uncertain, don't hesitate to reach out to us for help. Your security is our priority.