There’s a new level of fraud in town, and it doesn’t come from outside your doors. Instead, it’s coming straight from you.
Just ask a Snapchat employee about it, who fell for the scam earlier this year. In this case, the employee received an email impersonating the CEO, asking for sensitive data. The employee believed it, released the data, compromising internal employee records.
Fraudsters find where the weak points are. And in cases like this, they know that when you receive an email or a text message from someone you know, someone in authority, someone you’re used to receiving information from, the chances are you’ll respond without a second thought.
It’s called “call spoofing” and involves masking their phone number and manipulating it to appear as another. And you can use it to accomplish many different things, including obtaining sensitive information, making unauthorized purchases, even opening up lines of credit.
When something comes from a trusted source, you want to believe. It’s human nature. That makes this type of fraud that much more difficult to counter, especially for eager employees trying to do a great job and looking for opportunities to move forward within the company.
Just like a lot of other kinds of fraud, “call spoofing” relies on the human element to be successful. It plays on human emotion and their desires to ultimately please those around them.
It’s difficult to train your employees to question everything. But to succeed against some of the most potentially damaging security risks out there, questioning everything makes good business sense.
Strengthening the human element means making people aware of social engineering tactics. In an age where sensitive data is readily available for all to see in environments like Facebook or LinkedIn, fraudsters are able to guess the right answers to security questions with ease. Which means employees must look beyond the obvious – a simple answer – and go more on gut instinct – watching for things that simply don’t make sense.
Question everything.
- Does this request make sense?
- Is it framed in a way that makes it believable?
- Is this something this person would normally ask for in this method of communication?
- Is there a way I can quickly verify the validity of this request?
Training your employees to think differently is half of the battle. The other half involves strengthening your systems. Arm your employees with as much information as possible about normal routines within the business environment. Real-time fraud analysis systems can also validate information even before it finds its way to your employees’ email boxes or phone systems. And when something doesn’t meet with the way things are normally done, they have the ability to treat suspicious activity in a set way that puts your entire company at less risk.
How strong is the human factor in your business at preventing fraudulent behavior?
