The first line of defence is you. One common scam we see time and time again is dummy invoices being created seemingly by a legitimate supplier with a different bank account. How do scammers find your suppliers? Simply by signing into your mailbox usually because a user has accidentally given their credentials away. They will then go through your mailbox looking for supplier who regularly send invoices. They will then set up an email address with your suppliers name. Using hidden code they will hide the actual email address used and essentially ‘spoof’ your suppliers.
In other scenario’s we have seen instances where criminals have gone into an inbox of a management level staff member and forwarded on fake invoices to accounts departments normally with title’s like “approved please pay.” So how do we get around this?
There are two main things your IT provider can do to prevent a situation like the above from happening.
1. Enable multi-factor-authentication.
This one is a no-brainer. If you accidentally give away your password a hacker can’t get into your email account without your phone (just please don’t approve a login attempt unless you are trying to log in).
2. Customisation.
Set up your Microsoft 365 tenancy with a custom background, that way if your staff click on a link that is asking them to sign into Microsoft 365 and they don’t see your company logo in the background then shouldn’t sign in.
There are two simple things that you as an organisation should be encouraging your users to do.
1. Be vigilant – don’t click on anything that looks suspicious, and if you are unsure ask.
2. Question everything
It is that simple. The best line of defence is you.
Delivery Address:
IT Confidence Ltd
32A Poland Rd, Glenfield
Auckland 0627
Postal Address:
IT Confidence Ltd
PO Box 100067, North Shore
Auckland 0745