Lost All The Money

After a several year hiatus, many creative differences, multiple instances of rage-quitting, and several occasions of ghosting so good that Patrick Swayze would have been proud – the group I founded, Host Unknown, has released it’s much-awaited third song.

We’ve covered security certifications, and we’ve tackled risk management. But this time, we’ve locked on to phishing attacks. Or more specifically, business email compromise (BEC), aka CEO fraud.

BEC is where an email is sent to an employee claiming to be a senior exec (usually the CEO) and asks them to make an urgent payment to a new third party for something very important.

Employees that don’t know any better are mixed with feelings of intimidation (this is an important person asking them to do something), and the chance to show how good they are at their job by executing the payment quickly.

This has led to many companies losing millions.

So, what can we do to tackle this?

The answer doesn’t lie in technology. Rather, this is more of a people and process problem. From the people side, it involves raising awareness amongst staff that these scams exist, and they should be on the lookout.

From a process side, steps should be put in place so that one person can’t setup a new payee and send money. Rather, pre-established processes should ensure at least two separate employees should be involved in the decision-making process, with more steps involved for higher value payments.

Otherwise, much like our hapless employee, it could cause the business to lose all the money!