All security starts with a policy – businesses should have an agreed policy for such situations, and they should train their staff accordingly. CEOs should hire strong people who are willing to stick to the policy under pressure. Of course, defying the CEO is a great way to get fired in American business, and the cybercrooks rely on this. Don’t play Santa Clause with CyberCrooks this Christmas!”
Expert Comments:
Paul Bischoff, Privacy Advocate at Comparitech.com:
“Businesses and tax professionals are prime targets for phishing, a scam that’s cheap and low-risk for criminals that stand to steal large amounts of money. The agency warns of scammers impersonating both employees and company executives to trick payroll departments and tax preparers into changing the direct deposit routing number for an employee’s bank account.
The best way to guard against this scam is by requiring any such requests for payroll or other financial changes to be verified by a second form of identification. This can be as simple as a phone call to the employee or executive to double check that such a request is legitimate, although be sure not to use a phone number provided in the email.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.