It was announced earlier this year that hacker attacks using phishing scams and malware have surged 400% this year's tax season alone. We've told you in the past how to spot and avoid these types of emails but, sometimes a hacker manages to send the right fake email to the right person, and they get everything they want.
Major tech company Snapchat fell for it. Tech company Seagate fell for it. Toy maker Matel, Magnolia Health Corporation and tech firm Ubiquiti are all victims, too. Now, add investment firm Pomeroy Investment Corp. to that list.
One employee fell for a phishing email and was tricked into transferring $495,000 to a bank in Hong Kong. To make matters worse, it took eight days before anyone took notice.
No details on the specifics of the attack have been released, but we can assume it went down like most other CEO-scam scenarios: An employee at a company receives an email, seemingly from the company CEO or someone in the payroll department. It's a quick email asking for, let's say, payroll information, or a quick money transfer.
The employee doesn't bat an eyelash, assuming the email is nothing out of the ordinary, responds, or clicks on a malicious link and all of a sudden sensitive information of the company and its employees is in the wrong hands. In this instance, the employee transferred nearly half a million dollars to a bank in Hong Kong.
Scammers are getting trickier by the day, so you'll have to stay one step ahead of them. One way to do this is to know the warning signs and red flags to look for before clicking on any links or sending out any sensitive information.
- Keep an eye out for typos and bad grammar
- Be able to identify where the email is coming from
- Hover your mouse over any links before you click to make sure they are pointing towards where they are supposed to.
For businesses however, the rules are a little bit different. The FBI wants you to:
- Be wary of email-only wire transfer requests and requests involving urgency
- Pick up the phone and verify legitimate business partners
- Be cautious of mimicked email addresses
- Practice multi-level authentication
If someone in your company falls for one of these scams, the FBI urges you to:
- Contact your financial institution immediately
- Request that they contact the financial institution where the fraudulent transfer was sent
- File a complaint—regardless of the amount of dollars lost—with the IC3