Even some of the world’s largest tech companies are vulnerable to email scams. Fortune illustrated this in a report last week, revealing Facebook and Google lost an incredible NZ$145 million to an online scammer. Although they managed to recover most of the funds, it’s a mighty wake-up call.
And if two of the world’s largest, most tech-savvy companies can get hit so hard, what does that mean for the rest of us?
How the scams caught Google and Facebook
Lithuanian man Evaldas Rimasauskas allegedly swindled the funds by posing as one of the companies’ hardware suppliers. Using forged email addresses, he issued fake invoices for tens of millions of dollars over two years. He tricked them into buying supplies they never actually ordered or received.
How you can avoid getting hit by scams
This isn’t just an international problem. The New Zealand Herald reported an increase in fake invoice scams earlier this year, with scammers posing as companies such as Xero.
Netsafe has weighed in with some great practical advice:
- Be on the lookout for invoices for goods or services that you didn’t order or a call from someone claiming to be your regular supplier.
- Always confirm if goods or services have been requested and received before paying an invoice by using a purchase order number system or confirming with employees.
- Limit the number of people in your business who are authorised to make orders or pay invoices.
- If you notice a supplier’s usual bank account details have changed, call them to confirm that the invoice is legitimate.
- Make sure you call the supplier using the phone number you have on file, or look it up on their website or in the phone book.
- Don’t call the telephone number on the email or invoice, as this will likely be the scammer’s phone number.
- Immediately cut contact with scammers who attempt to bully or intimidate you.
- If the bank account looks like it’s an overseas bank account, or you have any suspicions about the payment details sent to you, investigate further.
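The checks in the list above can be run automatically before an invoice reaches whoever approves payments. The sketch below is an added example, not Netsafe's or the author's code; the supplier file, purchase orders, invoices and the `review_invoice` function are constructed for illustration, and the account pattern assumes the standard New Zealand bank-branch-account-suffix layout.

```python
import re

# Constructed supplier master file: details held on file, never taken from an invoice.
SUPPLIERS = {
    "SUP-001": {"name": "Acme Hardware Ltd", "email_domain": "acmehardware.example",
                "bank_account": "01-0123-0456789-00", "phone": "+64 9 555 0100"},
}
# Constructed purchase orders: approved amount and whether the goods were received.
PURCHASE_ORDERS = {
    "PO-1001": {"supplier": "SUP-001", "amount": 12500.00, "received": True},
    "PO-1002": {"supplier": "SUP-001", "amount": 8000.00, "received": False},
}
# NZ domestic account layout (assumption); anything else is treated as overseas.
NZ_ACCOUNT = re.compile(r"^\d{2}-\d{4}-\d{7}-\d{2,3}$")

def review_invoice(inv, suppliers=SUPPLIERS, orders=PURCHASE_ORDERS):
    """Return the reasons an invoice must be held for manual verification."""
    supplier = suppliers.get(inv.get("supplier"))
    if supplier is None:
        return ["unknown supplier"]
    flags = []
    po = orders.get(inv.get("po_number"))
    if po is None or po["supplier"] != inv["supplier"]:
        flags.append("no matching purchase order")
    else:
        if not po["received"]:
            flags.append("goods not confirmed received")
        if abs(po["amount"] - inv["amount"]) > 0.005:
            flags.append("amount differs from purchase order")
    if inv["bank_account"] != supplier["bank_account"]:
        # Call back on the number held on file, not the one printed on the invoice.
        flags.append(f"bank account changed: call {supplier['phone']} (number on file)")
    if not NZ_ACCOUNT.match(inv["bank_account"]):
        flags.append("bank account looks overseas")
    domain = inv["sender"].rsplit("@", 1)[-1].lower()
    if domain != supplier["email_domain"]:
        flags.append("sender domain differs from supplier on file")
    return flags

# Constructed invoices: one legitimate, one with a lookalike sender and new payment details.
GOOD = {"supplier": "SUP-001", "po_number": "PO-1001", "amount": 12500.00,
        "bank_account": "01-0123-0456789-00", "sender": "accounts@acmehardware.example"}
FAKE = {"supplier": "SUP-001", "po_number": "PO-9999", "amount": 48000.00,
        "bank_account": "LT00 0000 0000 0000 0000", "sender": "accounts@acme-hardware.example"}

if __name__ == "__main__":
    for name, inv in (("GOOD", GOOD), ("FAKE", FAKE)):
        print(name, review_invoice(inv) or "ok to pay")
```

Any flag means the invoice is held until a person confirms it with the supplier; an empty list only means none of these particular checks fired.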
And we’ve got a couple of services to give you some extra help.
ScamProtect trains your staff to spot scam emails. We send your staff a series of emails designed to look like phishing emails. Only difference is, these emails are completely benign: fake phishing emails which don’t follow through on a scam.
They give your staff the practice and experience they need to deal with real phishing emails – the ones that could actually cost you. And it conditions them to pay much closer attention to what arrives in their inboxes.
MailProtect helps filter emails from forged email addresses in some cases. Scammers have ways to make an email appear as if it’s coming from a legitimate sender (e.g. firstname.lastname@example.org). MailProtect recognises these attempts and stops the emails from reaching your inbox. It makes it that much harder for a scammer to succeed. In the case of Google and Facebook, it may have saved them from losing money.
Get up to speed with everything above, and you just might find your company in a stronger position than Facebook and Google.