June 2021
Greetings!

We are grateful to have the opportunity to share our knowledge and wisdom with you through our educational e-newsletter. Our e-newsletter aims to provide you with informational tips to make you cyber-savvy.

We take special care to ensure the information we provide you in "Cyber 60" is the latest and most current information available to educate you on protecting your most valuable information assets. This edition explains how to prevent hackers from stealing your money through fraudulent transfers.

We want to write about topics that are important and of interest to you. If you have topics you would like us to cover, please email them to us at info@bawn.com.

We encourage you to share our e-newsletter with others in your sphere of influence. 

Sincerely,
Jonathan Trimble
Founder/CEO

Don't Let Hackers Steal Your Money!
The examples are everywhere: A law firm is tricked into wiring $800,000 into a fraudulent account, and the partners are forced to cover the loss out of their own pockets. A trucking company recently lost $750,000 in the same manner and scrambled to find help to recover the funds. Once the funds are transferred overseas, they are almost impossible to recover.

Business Email Compromise (BEC) is a scheme in which criminals spoof emails so that they appear to come from senior management within the Company. Cybercriminals often use this scheme to fool employees into wiring funds into an account controlled by hackers. The ploy can be subtle and difficult to detect when it takes advantage of a legitimate transaction: a spoofed email directs employees at the last minute to send the funds to a different account. Hackers often target law firms, private equity firms, title companies, and CPA firms since they regularly transfer large amounts of funds.

Criminals often rely on specific tactics to perpetrate BEC scams, including:

A false sense of urgency: Cybercriminals (typically posing as attorneys or executives) send spoofed emails to victims and convince them to wire money in support of a business deal, such as an acquisition that the victim's Company is managing. These emails feign urgency or demand secrecy from the victim employee.

A trick domain name: In this instance, victims receive an email asking them to wire money to a specific account. The message originates from a domain that looks credible at first glance, but in fact, has been slightly altered (e.g., one character in the domain name is different). These types of attacks exploit the victims' lack of attention to sender details.

Impersonation of a vendor: This type of cyber attack involves emails impersonating one of the Company's vendors. The sender's domain name is genuine, and the transaction seems legitimate—often with proper documentation attached—because the scammer has hacked into the vendor's email account. However, the processing details direct payment to an account that the criminal controls.

So, what can your firm do to prevent these fraudulent transfers? Some basic countermeasures will significantly reduce the risk to your firm:

  1. Flag external emails: Set your email service to flag emails that originate from outside your organization. Spoofed emails will show an internal email address on the "From" line that the user views, but your email service reads the extended header, which shows where the message originated. Emails that are flagged as external but show an internal email address should be treated with suspicion.
  2. Define what transactions require scrutiny: Regular transactions to the same party probably don't need to be verified each time.  Changes such as account number or significant deviation from the normal amount should require additional checks.  
  3. Define the firm's authorizing officials: Only certain managers within the firm should be designated to authorize wire transactions, and only up to a preset amount. Any "out of bounds" transactions should be subject to additional verification.
  4. Implement multi-step verification procedures: For transactions above a certain level or involving bank/account number changes, employees should not rely only on emailed instructions.  Require employees to call the authorizing official and verify the transaction. Do not rely on any phone number included in the email; use the Company's internal directory.
  5. Train your staff and develop security awareness: Verification processes will only work if employees are trained appropriately and implement them daily.  Make sure your staff is aware of the threat of business email compromise, the tricks commonly used by cybercriminals, and the firm's processes to prevent fraudulent funds transfers. Your employees are your first line of defense!
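
As an added illustration (not part of the original newsletter or any Bawn tooling), the Python sketch below applies two of the checks described above to raw message headers: an internal "From" address on a message that originated externally, and a sender domain one character away from a trusted one. It generalizes "one character different" to any single insertion, deletion or substitution; the domains, the sample messages, and the use of Return-Path as the origin indicator are assumptions made for the example.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL = {"example-firm.com"}            # assumption: the firm's own domain
TRUSTED = INTERNAL | {"acme-supply.com"}   # assumption: plus known vendor domains

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def assess(raw):
    """Return the warning flags for one raw message (headers + body)."""
    msg = message_from_string(raw)
    shown = domain_of(msg["From"])          # what the user sees
    # Assumption: Return-Path stands in for "where the message originated".
    # A real mail gateway decides this from the connecting server instead.
    origin = domain_of(msg["Return-Path"])  # a missing header counts as external
    flags = []
    if shown in INTERNAL and origin not in INTERNAL:
        flags.append("external-origin-internal-from")
    if shown and shown not in TRUSTED:
        for good in sorted(TRUSTED):
            if edit_distance(shown, good) == 1:
                flags.append("lookalike-of:" + good)
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Pat Lee <pat.lee@example-firm.com>\n"
           "Return-Path: <bounce@mailer.example.net>\n"
           "Subject: Urgent wire today\n\nPlease send the funds now.\n")
LOOKALIKE = ("From: Billing <ap@acme-suppiy.com>\n"
             "Return-Path: <ap@acme-suppiy.com>\n"
             "Subject: Updated bank details\n\nSee attached invoice.\n")
GENUINE = ("From: Billing <ap@acme-supply.com>\n"
           "Return-Path: <ap@acme-supply.com>\n"
           "Subject: Invoice 1001\n\nThanks.\n")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("genuine", GENUINE)]:
        print(name, assess(raw))
```

Neither check catches the vendor-impersonation case, where the sender's domain is genuine because the vendor's account was compromised; that case depends on the call-back verification in step 4.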

If you need a cybersecurity training program developed to educate your staff, please call Bawn at 888-477-2296.

Contact Us
Austin Main Office:
2802 Flintrock Trace, Ste 277
Austin, Texas 78738
Phone: 888-477-2296
Email: info@bawn.com  
Website: www.bawn.com
 
Texas License #A12729101
Our Founder/CEO

As a Special Agent at the Federal Bureau of Investigation (FBI), our Founder, Jonathan Trimble, led several complex criminal and counterintelligence investigations, including the dismantlement of international organizations involved in cybercrime and financial institution fraud.
About Us
We decrease our clients' risk of compromise to their most valuable information assets.

At Bawn, we serve our nationwide clients as a trusted advisor. We help our clients identify vulnerabilities regarding their sensitive information and intellectual property. We then develop a strategy and solution implementing people, processes, and technology.  Our solutions allow them to increase their ability to manage and protect their most valuable information assets. Our clients benefit by maintaining their reputation and confidentiality, reducing their operational costs, avoiding fines and lawsuits, and understanding the information security risks of both their own business and their clients.

We operate from a place of client focus, commitment, compassion, respect, and integrity. We are dedicated to providing fairness, quality service, and leadership that fosters teamwork, performance, and excellence for our clients.