Do you know how to prevent phishing for payments?

Last updated by Jean Thirion [SSW] about 2 months ago.

According to the Association of Certified Fraud Examiners' 2024 report, organizations lose an estimated 5% of their revenue to fraud each year.

In Australia, cybercriminals are increasingly targeting businesses, leading to global losses of up to $2.9 billion annually.

Accountants and accounts payable professionals are prime phishing targets because of their access to financial transactions, and some may lack cybersecurity awareness. Scammers exploit this through fake invoices, compromised emails, and fraudulent bank detail changes.

Handling money always requires extra care and diligence; accountants can follow the suggestions below to mitigate these risks.

  1. Recognizing Phishing URLs

Phishing emails often contain malicious links that can lead to fraudulent websites.

See SSW Rule - Do you know how to recognize phishing URLs?

  2. Preventing Email Compromise & Fraudulent Payments

Attackers often hack business emails to send fake payment requests or change bank details.

Enable MFA - Manage your passwords carefully and always use multi-factor authentication.

See SSW Rule - Do you use MFA and avoid typing passwords?

Use security tools - Use email security tools (e.g., Microsoft Defender).

Verify changes by phone - Always call a known contact using a verified number before processing any changes. Never trust phone numbers from emails requesting updates.

Paying a supplier - Confirm the bank details by calling the creditor's verified number for the first payment (over $1,000) or if there is a change in bank details.

Figure: Good Examples

Monitor email forwarding rules - Hackers may set up auto-forwarding to steal sensitive information. Regularly review and disable unauthorized forwarding.
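The review of forwarding rules described above can be scripted for Exchange Online. The following is an added example, not SSW's own script; it assumes the ExchangeOnlineManagement module is installed, that the account running it can read mailboxes and inbox rules, and it uses `ssw.com.au` as a placeholder for your organization's accepted domains. The helper `Test-ExternalAddress` is defined here for the example.

```powershell
# Added example (not SSW's own script): list every mailbox-level forward and
# every inbox rule that forwards or redirects mail, and flag targets outside
# the organization. Assumes the ExchangeOnlineManagement module.

# Domains considered internal (placeholder: replace with your accepted domains).
$InternalDomains = @('ssw.com.au')

function Test-ExternalAddress {
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address)) { return $false }
    # Rule targets look like 'Name [SMTP:user@domain]'; mailbox forwards look like 'smtp:user@domain'.
    if ($Address -match 'SMTP:([^\]\s]+)') { $Address = $Matches[1] }
    $domain = (($Address -split '@')[-1]).TrimEnd('>').ToLowerInvariant()
    return -not ($InternalDomains -contains $domain)
}

Connect-ExchangeOnline -ShowBanner:$false

$findings = @()
$mailboxes = Get-Mailbox -ResultSize Unlimited

foreach ($mbx in $mailboxes) {
    # 1. Forwarding configured on the mailbox itself (admin-side or via settings).
    if ($mbx.ForwardingSmtpAddress) {
        $findings += [pscustomobject]@{
            Mailbox  = $mbx.PrimarySmtpAddress
            Type     = 'MailboxForwardingSmtp'
            RuleName = ''
            Target   = "$($mbx.ForwardingSmtpAddress)"
            External = Test-ExternalAddress "$($mbx.ForwardingSmtpAddress)"
        }
    }
    if ($mbx.ForwardingAddress) {
        # ForwardingAddress points at a directory object (could be a mail contact
        # with an external address), so it needs manual review.
        $findings += [pscustomobject]@{
            Mailbox  = $mbx.PrimarySmtpAddress
            Type     = 'MailboxForwardingRecipient'
            RuleName = ''
            Target   = "$($mbx.ForwardingAddress)"
            External = 'review'
        }
    }

    # 2. Inbox rules created in the mailbox (by the user, or by whoever holds the user's credentials).
    $rules = Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo }
    foreach ($rule in $rules) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }
        foreach ($t in $targets) {
            $findings += [pscustomobject]@{
                Mailbox  = $mbx.PrimarySmtpAddress
                Type     = 'InboxRule'
                RuleName = $rule.Name
                Target   = "$t"
                External = Test-ExternalAddress "$t"
            }
        }
    }
}

# External targets first; these are the ones to verify with the mailbox owner.
$findings | Sort-Object External -Descending | Format-Table -AutoSize

# To remove forwarding you have confirmed is unauthorized (run deliberately, per finding):
#   Disable-InboxRule -Mailbox user@ssw.com.au -Identity '<rule name>'
#   Set-Mailbox -Identity user@ssw.com.au -ForwardingSmtpAddress $null
```

Run it on a schedule and compare against the previous run: a forwarding rule that appears between two reviews on an accounts payable mailbox is exactly the signal this rule is asking you to catch, and disabling it is a manual decision, which is why the removal cmdlets are left as comments rather than executed automatically.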

  3. Adding an Invoice Disclaimer to prevent Fraud

Including a disclaimer on invoices can help prevent phishing attacks that aim to alter billing details.

• Authorized domain only - Clearly state that all official communication, including billing and invoices, will only come from a specific domain (e.g., @company.com).

• Changes only come from verified channels - Any changes in payment details will only be communicated through verified channels, such as a notification with the company seal or a direct phone call from an authorized representative.

Example:

To ensure the security of your payments, please be aware that SSW will never request changes to our bank details via email. All official communications regarding billing details will only come from emails originating from our authorized domain: @ssw.com.au.

✅ Good Example
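The "authorized domain only" statement is only useful if the receiving side actually checks it. The following is an added example, not SSW's own code, of the check an accounts payable team could run on a billing email before acting on it: the sender domain must match the supplier's authorized domain exactly (so `ssw.com.au.example.net` or `ssw-com.au` are rejected), and a Reply-To on a different domain is flagged, since that is how a reply gets steered away from the real supplier. The functions `Get-EmailDomain` and `Test-AuthorizedSender` and the sample messages are constructed for this example.

```powershell
# Added example (not SSW's own code): verify a billing email's sender against
# the supplier's authorized domain before processing the invoice.

# Placeholder: the domains the supplier's invoice disclaimer names as authorized.
$AuthorizedDomains = @('ssw.com.au')

function Get-EmailDomain {
    param([string]$Address)
    try {
        # Handles both 'user@domain' and 'Display Name <user@domain>'.
        $parsed = [System.Net.Mail.MailAddress]::new($Address)
        return $parsed.Host.ToLowerInvariant()
    } catch {
        return $null   # unparseable address: treat as untrusted
    }
}

function Test-AuthorizedSender {
    param(
        [Parameter(Mandatory)][string]$From,
        [string]$ReplyTo = ''
    )
    $fromDomain = Get-EmailDomain $From
    $reasons = @()

    if (-not $fromDomain) {
        $reasons += 'Sender address could not be parsed'
    } elseif ($AuthorizedDomains -notcontains $fromDomain) {
        # Exact match only: subdomains and lookalikes of the authorized domain fail here.
        $reasons += "Sender domain '$fromDomain' is not an authorized domain"
    }

    if ($ReplyTo) {
        $replyDomain = Get-EmailDomain $ReplyTo
        if ($replyDomain -ne $fromDomain) {
            $reasons += "Reply-To domain '$replyDomain' differs from sender domain '$fromDomain'"
        }
    }

    [pscustomobject]@{
        From    = $From
        ReplyTo = $ReplyTo
        Trusted = ($reasons.Count -eq 0)
        Reasons = ($reasons -join '; ')
    }
}

# Constructed sample messages (not real addresses beyond the placeholder domain).
$samples = @(
    @{ From = 'Accounts <accounts@ssw.com.au>';          ReplyTo = '' },
    @{ From = 'Accounts <accounts@ssw.com.au>';          ReplyTo = 'accounts@ssw-com.au' },
    @{ From = 'accounts@ssw.com.au.example.net';         ReplyTo = '' },
    @{ From = 'not an address';                          ReplyTo = '' }
)

$samples | ForEach-Object { Test-AuthorizedSender -From $_.From -ReplyTo $_.ReplyTo } |
    Format-Table From, ReplyTo, Trusted, Reasons -AutoSize
# Expected: only the first sample is Trusted; the others report a reason.
```

A domain match on the From header is necessary but not sufficient: the header itself can be forged unless the receiving mail system enforces the supplier's SPF/DKIM/DMARC policy, and a message from the genuine domain can still come from a compromised account. That is why the rule pairs the disclaimer with a phone call to a verified number for any change in bank details.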
