Many Irish organisations have become victim to a new wave of attacks resulting in financial loss for the victim companies. These attacks impersonate various stakeholders in the business, most frequently the CEO, senior management or a supplier. Emails are sent from this stakeholder requesting financial personnel make a payment or change payment details and redirect payments.
It is unknown whether these emails are sent as a result of a hacked email account or from a fake email account set up. If your company falls victim to such a scam you should firstly report the issue to your financial institution and then report the issue to An Garda Siochana.
Integrity360 recommends following the below steps to ensure your business is prepared for this threat. Companies should ensure that:
- financial staff are made aware of this threat
- staff are suspicious of CEO and supplier emails requesting unusual or urgent payment requests
- staff alert the IT department if they receive any suspicious emails
- a strict policy is in place for making financial transactions and for updating financial information
- strict password security is enforced on email accounts
- staff are required to change their passwords regularly