A recent highly-publicized event in Alberta is a good reminder on protecting your organization from being hooked into a phishing scam. In this type of swindle, emails are directed to specific people within an organization advising of a change in banking information and to forward all future payments to this new account. These emails appear to be from a known vendor partner, but can have all the warning signs of being from someone completely different.
If you are not sure if the email is from your vendor partner, there are few things you can do to protect yourself and your partners:
- Call the contact number you have on file to verify the instructions were indeed from your partner.
- Try to have at least two current contacts on file that you can verify any change in financial instructions.
- Do not use the phone number in the email as it likely is a number that the scammer will answer.
- Do not click on any links or attachments on a suspicious email as it could lead to other problems such as ransomware. Instead, hover over the link to see if it matches the text provided or looks like an appropriate address.
- Contact your IT support group to validate the email as not being spam.
- Look for spelling errors, out of date copyright or branding in the email.
- Check the email address to see if it is exact and not just close – for instance, the phishing email address ends in “.co” instead of “.com” or “.ca”.
- Be suspicious of any email that asks you for your password, money or personal information.
Take steps to protect you, your organization and your stakeholders. AMSC insurance members may be able to respond with resources should your organization be impacted by a phishing incident. It is important to contact our Claims Department immediately. For more information on cyber and/or crime insurance, contact AMSC at 1-866-250-6117.