Pa. businesses warned about money transfer cyber threat
Pittsburgh Post-Gazette
The Pennsylvania Department of Banking and Securities is warning businesses to be on guard against a growing cyber threat known as the business email compromise.
Under the con, cybercriminals pose as company executives — tricking employees with access to company finances into transferring money into the crook’s account or releasing sensitive information.
Businesses can protect themselves by being vigilant about following a few safe practices, the department said.
• Look closely at the email address. Scammers often use spoofed emails that are hard to distinguish from the legitimate email account. For example: janeedoe@xyzbuisness.com vs. janedoe@xyzbusiness.com.
• Investigate the request before acting. Never transfer money or send sensitive information until confirming the request by phone or in person.
• Don’t use links or phone numbers provided in the email request. Instead, use phone numbers and contact information known to be correct.
• Think before clicking. Don’t open attachments or links from unknown senders. The attachments can install malware onto computers, allowing cyber-criminals to infiltrate the organization.
• Work with IT staff to flag potentially fraudulent emails. For example, a company with the legitimate domain name @xyzbusiness.com could flag similar domains such as @xyz_business.com or @xyzbusines.com.
• Use multi-factor authentication when sensitive or financial information is involved. For example, require a second employee to review and approve requests for fund transfers.