Chief Technology Officer/CISO
With all the news and confusion around Silicon Valley Bank, Signature Bank and Silvergate Bank, it’s critical to have a heightened awareness of any financial communication you may receive. Bad actors thrive in crisis and use many social engineering tactics to take advantage and profit.
There will be scenarios where scammers will use email to impersonate someone in authority (your financial institution) in order to trick the recipient into disclosing sensitive information or even making a fraudulent transaction.
6 tips to avoid falling victim to business email compromise (BEC):
- Verify email address. Look closely to determine if the email is legitimate. Bad actors will use an email address very similar to the legitimate one but with slight variations, sometimes differing by only a letter, number or character.
- Verify again. BEC and account takeover attacks are creative and try to trick you into changing the payee account number. Even if the email address is legitimate and from someone you recognize, their mailbox could be compromised. So don’t trust an email without direct verification through a different channel.
- Look for suspicious content. This includes requests that are urgent or unusual, as well as misspellings, odd phrasing, and anything that doesn’t look or sound quite right. It also includes attachments you aren’t expecting or don’t recognize. Most financial institutions do not make sensitive requests or ask for sensitive information via email.
- Slow down. Bad actors play on fear and risk and will try to compel you to act immediately. Even if something looks legitimate, call your financial institution directly to confirm. Do not reply to the email or provide any sensitive information. And importantly, use the phone number listed on a bank statement, website, or credit card, not the number in the email. (The email address and phone numbers in the email direct back to the bad guys.)
- Use strong passwords and two-factor authentication. This provides additional layers of security should a hacker gain unauthorized access to your confidential information or credentials.
- Spread the word. Educate yourself and others. By raising awareness, you can help protect your personal and professional information.
If you ever receive a request or information about a financial account over email or text—never trust, always verify.