Changing supplier bank details on your accounting systems

Changing supplier bank details on your accounting systems - Phishing
Currently we are seeing a spike in email account breaches now that more people are working from home; every time the problem could have been avoided. The solution  – Multi-Factor Authentication. 

With more people using their own PCs at home to do work – PCs outside of the ‘normal’ work environment – users are more vulnerable than ever before. Last week, we witnessed another cyber attack that saw a client lose $5,000 as a result of not implementing Multi-Factor Authentication (a product that is free within Office365).

Email intercepts are usually caused by users entering their password into an illegitimate website claiming to be Office365. When this happens, the hacker is able to hijack your email and have conversations with you and you genuinely believe it is your supplier.  They will typically advise of bank account changes via email and your  accounts staff could easily make payments to a fake supplier.

This scenario is totally avoidable by implementing Office365 Multi-Factor Authentication. If you have not got this in place, we strongly urge you to get in touch with our team today to organise implementation. It is a simple, user friendly tool that every company MUST enable.

Here are some tips to alter your internal processes to ensure you’re not a victim to cyber-crime:

  • If anyone ever asks for a bank account change over email – be skeptical. Call the company straight away to confirm – speak to a person you know.
  • If there are any money related conversations, check the from email address and ensure it is legitimate
  • Ensure procedures for making bank changes and invoice payments are improved and followed regularly
  • Have a two person approval process for all bank transactions
  • Ensure all banking logins are setup with multi-factor authentication also

If you have any questions about any of the information or you would like to clarify anything, please call 08 93677100.


See also: 5 Types of email scams you and your team should know about