Pa. busi­nesses warned about money trans­fer cy­ber threat

Pittsburgh Post-Gazette - - Business - By Pa­tri­cia Sa­ba­tini

of­ten use spoofed emails that are hard to dis­tin­guish from the le­git­i­mate email The Penn­syl­va­nia ac­count. For ex­am­ple: ja­nee­doe@ Depart­ment of Bank­ingxyzbuis­ness.com and Se­cu­ri­ties is warn­ing vs. jane­doe@xyzbusi­ness. busi­nesses to be on guard­com. against a grow­ing cy­ber • In­ves­ti­gate the re­quest threat known as the busi­ness be­fore act­ing. email com­pro­mise. Never trans­fer money or

Un­der the con, cy­ber­crim­i­nals send sen­si­tive in­for­ma­tion pose as com­pany un­til con­firm­ing the re­quest ex­ec­u­tives — trick­ing em­ploy­ees by phone or in per­son. with ac­cess to com­pany fi­nances into trans­fer­ring • Don’t use links or money into the crook’s phone num­bers pro­vided ac­count or re­leas­ing sen­si­tive in the email re­quest. In­stead, in­for­ma­tion. use phone num­bers

Busi­nesses can pro­tect and con­tact in­for­ma­tion them­selves by be­ing vig­i­lant known to be cor­rect. about fol­low­ing a few • Think be­fore click­ing. safe prac­tices, the depart­ment Don’t open at­tach­ments said. or links from un­known

• Look closely at the senders. The at­tach­ments email ad­dress. Scam­mers can in­stall Pitts­burgh Post-Gazette ware onto com­put­ers, al­low­ing cy­ber-crim­i­nals to in­fil­trate the or­ga­ni­za­tion.

• Work with IT staff to flag po­ten­tially fraud­u­lent emails. For ex­am­ple, a com­pany with the le­git­i­mate do­main name @xyzbusi­ness.com could flag sim­i­lar do­mains such as @xyz_busi­ness.com or @xyzbusines.com.

• Use multi-fac­tor au­then­ti­ca­tion when sen­si­tive or fi­nan­cial in­for­ma­tion is in­volved. For ex­am­ple, re­quire a sec­ond em­ployee to re­view and ap­prove re­quests for fund trans­fers.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.