Your Greatest Risks
The most common fraud attempts occur through two methods: Phishing and Social Engineering.
Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Phishing is often designed to prey on your sense of fear, urgency, reward, or curiosity to lure you into performing an action such as clicking on a hyperlink or opening an attachment. This usually results in the hyperlink or attachment downloading malware that gives the sender access to your computer or network.
When you receive emails from someone you don’t know, review it carefully and with a sense of suspicion. In most cases, you can just delete it. If you receive an email from someone you know and were not expecting, then contact the sender and verify before opening the email and putting yourself at risk of infection. Even if you receive an email from someone you know and regularly email, be aware if their writing style is suddenly different or they misspell words they wouldn’t normally. This could be a sign that the sender’s email was hacked and now you are a target too. Often times the email owner’s account has been compromised and the perpetrator is sending malicious emails to the owner’s contact list without their knowledge.
Social Engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
An example of this is when an email account is compromised and requests are submitted to contacts in the email account’s address book to complete some action. Typically, the fraudulent message asks for help, hoping to take advantage of the receivers’ good nature. The wording generally creates a sense of urgency in an effort to induce the receiver to side-step standard procedures. This approach is intended to manipulate the email victim into providing information or performing some action that will give the perpetrator access to the system.
Lack of controls can result in fraudulent activity via social engineering. For example, a CEO/Owner’s email account is compromised. As a result, a message is sent to the CFO/office staff requesting that a wire transfer be sent out to a third party. The CFO/office staff does not challenge the request and subsequently submits the paperwork asking for the money to be sent. This social engineering attempt will not be discovered until it’s too late unless the CFO/office staff responds back to the CEO/Owner at a different or known email account (one that was not compromised) or calls and asks about the wire. The CFO/office staff should not respond to the CEO/Owner by just replying to the email requesting funds. This type of fraud is becoming common among our customers. This breach of security can affect anyone from the CEO of a major corporation to a sole proprietorship. There are no targets too large or small.
Farm Credit West has seen these attempts happen internally as well as to some of our borrowers. These attempts are ongoing too. They don’t try once and then give up, they keep trying.