AFP 2018 Blog

How to Fight Phishing and Social Engineering

Aug 2, 2018

Cyberfraud is not just a technology problem. It’s also a people problem.

Let me explain. There are two types of cybersecurity fraud: social engineering and phishing. Both depend heavily on the actions of people and have nothing to do with a virus in the traditional sense. Fraudsters research people likely to have access to cash (whether it’s their own or others’) or to cash transfers, such as finance professionals or those in professional services. Then, they gather as much detail as possible on the target and on the people they interface with. A common tactic is to target a CFO’s account while posing as someone in need of an urgent request from the CEO or another key organizational stakeholder to wire funds.

These types of attacks happen all the time, many times per day. Both small and large companies are at risk. Even Google and Facebook have fallen victim to this. Smaller companies often do not have the security tools and/or internal controls to help prevent this kind of attack, so they are even more at risk.

These fraud trends will continue to accelerate.

If the fraudsters (often called “bad actors” in cyber security circles) can keep collecting information with low risk, they will keep doing it, and that will only encourage more cyber criminals to enter the arena. Governments will need to step in and start prosecuting smaller hackers, especially in foreign countries, to help curb this.

It’s important to understand that fraud can happen to an individual or a company. Anyone is a target, and the goal is to steal money and/or information. Fraud against an individual could also be the first of many steps to ultimately commit fraud against a company.

To prevent cyberfraud, you should:

   •    Use technology that blocks phishing emails and identifies possible threats
   •    Have a well-documented process for moving money securely
   •    Establish rules for who has access and authority to move money
   •    Perform regular security training with your employees
   •    Proactively phish your employees to aid them in training.

You are only as secure as your weakest link.

Social engineering and phishing can occur to anyone at any time. You are only as secure as your weakest link … which could be an under-trained employee, a poor internal process, or even outdated technology. You should take steps now to combat the threat.

To learn more about how to prevent cybersecurity fraud in your organization – and for an action plan on making your teams more cyber aware – attend our session Financial Reporting and Employee Theft-You Think You Are Immune? at AFP 2018.

Brian Brammeier
Chief Executive Officer
Higher Ground Managed Services