How to safeguard against business email compromise fraud

FNB Namibia has warned against the growing trend of targeted phishing e-mails, also known as business email compromise fraud.

“Business email compromise (or BEC) is a form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds, or revealing sensitive information,” Johan du Plessis, FNB Namibia Chief Risk Officer said.

Unlike standard phishing emails that are sent out indiscriminately to millions of people, BEC attacks are crafted to appeal to specific individuals, and can be even harder to detect.

 BEC is a threat to all organisations of all sizes and across all sectors, including non-profit organisations and government Institutions.

“Spotting a phishing email is becoming increasingly difficult and will trick even the most careful user. Having the confidence to ask, ‘is this genuine?’ can be the difference between staying safe, or a costly mishap”, said du Plessis. 

Here is some advice that can help one spot the most obvious signs of targeted phishing emails:

  • Think about your usual working practices around financial transactions. If you get an email from an organisation you don’t do business with, treat it with suspicion.
  • Look out for emails that appear to come from a high-ranking person within your organisation, requesting a payment to a particular account. Look at the sender’s name and email address. Does it sound legitimate, or is it trying to mimic someone you know?
  • Ensure that all important email requests are verified using another method (such as SMS message, a phone call, logging into an account, or confirmation by post or in-person).
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
  • Some emails will try and create official looking emails by including logos and graphics. Is the design (and quality) what you’d expect?

“If you think you’ve been a victim of a phishing attack, tell your IT department, and the bank as soon as possible. Remember to double check all seemingly urgent payment requests and stay alert,”concludes du Plessis.

 

 

 

 

 

Rate this item
(0 votes)
Last modified on Thursday, 17 February 2022 17:36

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries