Best Practices to Prevent Becoming a Victim of Social Engineering Fraud

Fake President/CEO Fraud:

• Always speak to the individual who has purportedly sent or given the instruction to make a payment.
• Always verify requests with another director, manager or supervisor and check the bank account is on an approved list which has been vetted.

Telephone Payments & Fund Transfers:

• Avoid giving or accepting payment instructions via telephone or email.
• Only accept requests in writing and on company headed paper from a known point of contact in that organisation.
• Verify all requests with a call back procedure to confirm authenticity.

Email scams & requests to Change Bank Account Details:

• Check the name and email address of sender for spelling mistakes and if they are on approved list of contacts.
• Do not open any emails from unknown senders or with suspicious titles - they could contain viruses and expose the organisation to a cyber attack.
• Where an email appears to be from a known person, click on the email address to ensure it’s not hiding a bogus address.
• Using a call back procedure to authenticate the request can avoid being victim to a fraudster impersonating a known contact.
• Check the client file for any history of previous requests to amend bank account details or send large sums to a new account.

Managing Suppliers & Vendor Details:

• Maintain an approved list of suppliers and vendors, including key contacts with email addresses and telephone numbers.
• Ensure Suppliers and Vendors know that any requests to change bank account details should be sent in writing on company headed paper, signed by an approved person.
• Have a dual control procedure in place when appointing new suppliers to prevent fictitious vendor fraud.