USA IT Services

Phishing (email), Smishing (text), and vishing (voicemail) continue to be the top conduits for fraudsters to penetrate business or personal networks. These tactics enable fraudsters to obtain personal information, login credentials, or account information and are foundational to other means of compromise. Educating your employees on how to identify the red flags is critical to prevention.

Business Email Compromise (BEC)
BEC takes on different forms and may be very difficult to detect. The three main points of entry are:
Employee email compromise – uses an employee's personal email to request a change in their direct deposit information for payroll or other compensation.
Vendor email compromise – uses a fake email account to impersonate a vendor asking for a change in accounts payable payment information.
Executive impersonation – impersonates a company executive or trusted authoritative figure to request the origination of a payment or a change to the payment information.
The government agency, www.ic3.gov received almost 800,000 registered complaints in 2020 and expects that number to rise significantly in 2022. Of those complaints, over 19,000 were specific to BEC and generated over $1.8 billion dollars in losses.


A simple yet highly effective mitigant for BEC is to STOP-CALL-CONFIRM.
STOP – DO NOT process the request received via email
CALL – Call the sender using a legitimate phone number known to you. DO NOT reply to the email, and DO NOT call the number listed in the email
CONFIRM - Verify that the real vendor or employee did, in fact request the change

Often seen as a threat to only large corporate entities, ransomware is now impacting businesses regardless of size or industry segment. Ransomware typically involves infecting devices with a virus that locks files behind unbreakable cryptography and threatens to destroy them or publicly reveal sensitive information unless a ransom is paid. Ransomware is typically deployed through phishing attacks – where employees of an organization are tricked into providing information or clicking a link that downloads the ransomware software (malware).


To avoid such loss, be sure your firewalls are updated with the most recent patches, your critical data is secure and backed up offsite, and your employees are knowledgeable about phishing attempts. Additionally, be sure to have a thorough response plan in place to react quickly in the event of an attack. Leverage the framework provided on the www.cisa.gov website to create your plan.

As was mentioned earlier, many phishing attempts target individuals and employees to obtain login credentials, non-public information, and personal data that can be used to impersonate the legitimate user. The more information the fraudster has about you or your business, the more convincing the impersonation will be. Guard your information closely and regularly update your passwords, refraining from using the same password for multiple platforms. It is also a good idea to regularly check your credit report for any unauthorized activity. Lastly, establish a vendor management program with clear expectations around access to your systems and data.

Many of the latest devices are connected to the internet via wifi or other mobile wireless connection. These devices are convenient, but they are also gateways into your network if not protected properly. Take appropriate precautions to mask, or encrypt, your information. Make sure to password protect your devices and secure your home and office network.


These are just a few of the many fraud schemes being used today. It pays to be fraud aware and keep yourself and your employees educated on the latest trends.