Our new Secure Client Portal prompted us to note some of the most important precautions that can help everyone to avoid hackers and stay safe online.
One of our own directors experienced the problem on a recent overseas trip. Simply checking his email over a public wifi network – combined with less than perfect oversight by his bank – led to an unauthorised transfer of funds (now refunded by the bank). In this case, the scammers were able to set up an email divert and then emailed the bank, which subsequently failed to properly examine a forged signature that the scammers had sent.
Many of us use public wifi networks, particularly when travelling, but this was an example of a simple everyday email check leading to fraud. Make sure that websites you go to are fully encrypted if you are providing personal details, and think about changing mobile device settings so you don’t connect to wifi networks by default.
We also recently came across a case where one of our contacts received an email from a supplier informing them of a change of bank account details. That email was not really from the supplier, and payments of $30k a month were at stake.
It all highlights the importance of checking transactions like these personally – by calling the sender and asking for verbal confirmation. No email, however plausible, can be depended on as being reliable and from the right person. The more eyes on these things the better, so consider having different people in your organisation update bank details and make payments. Run monthly exception reports on creditors, to check important changes that may have been made. Scammers are deliberate and patient, so they’ll often wait a few weeks to make their move.
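As an added illustration (not part of the original article, and not tied to any particular accounting package), here is one way such a creditor exception report could be scripted in Python. The record layout, the `phone_verified` field and the 60-day look-back are assumptions, and the sample records are constructed.

```python
from datetime import date, timedelta

# Constructed sample exports; field names are assumptions, not any real package's format.
CHANGES = [  # creditor master-file audit log
    {"creditor": "Acme Supplies", "field": "bank_account", "changed_by": "alice",
     "on": date(2024, 4, 18), "phone_verified": False},
    {"creditor": "Bolt Freight", "field": "bank_account", "changed_by": "bob",
     "on": date(2024, 5, 6), "phone_verified": True},
    {"creditor": "Cedar Legal", "field": "address", "changed_by": "bob",
     "on": date(2024, 5, 9), "phone_verified": False},
]
PAYMENTS = [
    {"creditor": "Acme Supplies", "amount": 30000, "paid_by": "alice", "on": date(2024, 5, 15)},
    {"creditor": "Bolt Freight", "amount": 4200, "paid_by": "carol", "on": date(2024, 5, 20)},
    {"creditor": "Cedar Legal", "amount": 900, "paid_by": "carol", "on": date(2024, 5, 21)},
]


def exception_report(changes, payments, start, end, lookback_days=60):
    """Flag bank-detail changes that affect payments made between start and end.

    Changes are picked up from lookback_days before the period, because a
    fraudulent change may sit unused for weeks before the first payment.
    """
    window_open = start - timedelta(days=lookback_days)
    findings = []
    for c in changes:
        if c["field"] != "bank_account" or not (window_open <= c["on"] <= end):
            continue
        who = c["creditor"]
        if not c["phone_verified"]:
            findings.append(("UNVERIFIED_CHANGE", who, f"changed {c['on']} by {c['changed_by']}"))
        for p in payments:
            if p["creditor"] != who or not (max(start, c["on"]) <= p["on"] <= end):
                continue
            findings.append(("PAID_AFTER_CHANGE", who, f"${p['amount']:,} on {p['on']}"))
            if p["paid_by"] == c["changed_by"]:  # no separation of duties
                findings.append(("SAME_PERSON", who, f"{p['paid_by']} changed and paid"))
    return findings


if __name__ == "__main__":
    for flag, creditor, detail in exception_report(CHANGES, PAYMENTS, date(2024, 5, 1), date(2024, 5, 31)):
        print(f"{flag:18} {creditor:14} {detail}")
```

With no look-back, the April change to the Acme record would fall outside the May report even though the first payment to the new account happened in May.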
The most important principle is simple: be aware, question everything, and where possible phone and check. All of us are guilty of becoming too reliant on electronic communications, and scammers have all of the official-looking materials needed to look as if they are the ATO, ASIC or your bank. You can easily check many scams online with a quick Google search. Gone are the days of dodgy-looking logos or spelling mistakes in these emails – they look more authentic than ever before. Never click on email links from people you don’t know, and even with familiar contacts it pays to check with them if they send you a link that seems ‘out of the ordinary’.
You might want to consider cyber insurance. Many policies offer cover to safeguard against data breaches, computer hacking, employee error, and more. Watch the small print and check what is/isn’t covered – some are becoming stricter on exclusions, as the scamming problem gets worse.
Nobody is untouchable, so stay vigilant when online. Don’t lose the human touch and don’t respond to emails in a rush. What looks plausible right now might seem odd when looked at just a little more closely.