

Cyber CEO –

Man-in-the-Middle Attacks

Welcome to another Cyber CEO video. Here, we focus on man-in-the-middle attacks, which pose a risk to businesses. In these attacks, criminals intercept communications between you and your suppliers. One common result is an invoice redirection scam, where payments are sent to a fraudulent account. This can lead to significant financial losses, especially for small and medium-sized businesses. We’ll explain how these attacks work, why they matter, and what simple steps you can take to protect your business. Stay informed and learn how to prevent becoming a victim of these scams.

What Are Man-in-the-Middle Attacks?

Man-in-the-middle attacks occur when a third party intercepts communications between two entities. In business, a particularly relevant type of this attack is known as the invoice redirection scam.

How Does It Work?

Here’s how it works: Your accounts payable team communicates regularly with a supplier. Over several months, a criminal hacks into your supplier’s systems and eventually sends you a fraudulent invoice with altered bank details. If you pay this invoice, the money goes to the criminal instead of your supplier. The average amount lost in such scams is between $40,000 and $50,000, which is a significant loss for small and medium-sized businesses.


According to the ACCC, small and medium businesses reported losses of $128 million due to these scams in 2020 alone. It’s important to note that these attacks don’t target your systems directly but rather those of your suppliers. This makes your cyber security measures less effective in this context since the breach occurs elsewhere.

What Can You Do to Protect Your Business?

  1. Verify Invoice Changes: Implement a process to manually verify any changes to invoice details, such as new bank account numbers, before making payments.

  2. Secure Storage of Bank Details: Store bank details in your accounting system and business banking portal rather than relying on details provided in invoices.

  3. Protect Your Systems: Ensure your own systems are secure to avoid becoming a link in the chain of such scams. Use multi-factor authentication for your email accounts and secure your accounting systems.

  4. Communicate Payment Policies: Clearly communicate your payment process to clients and suppliers. Include a note in your email footer or on your invoices stating that you will never change payment details via email or invoice, but only through a formal letter.
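As an added illustration of steps 1 and 2 (not code from the original page), the sketch below checks the bank details on an incoming invoice against the record held in the accounting system and holds payment on any mismatch until the change has been confirmed out of band. The supplier ID, BSB and account numbers, and all function names are constructed for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class BankDetails:
    bsb: str
    account: str

def normalise(bsb, account):
    """Keep digits only, so '062-000' and '062 000' compare as equal."""
    return BankDetails(re.sub(r"\D", "", bsb), re.sub(r"\D", "", account))

# Constructed supplier master file: the trusted record in the accounting
# system. It is never updated from the contents of an invoice or email.
SUPPLIER_MASTER = {"SUP-001": normalise("062-000", "1234 5678")}

# Changes a staff member has confirmed by phoning the supplier on a number
# that was already on file (not one taken from the invoice itself).
VERIFIED_CHANGES = set()

def record_verified_change(supplier_id, bsb, account):
    """Log a bank-detail change after manual, out-of-band confirmation."""
    VERIFIED_CHANGES.add((supplier_id, normalise(bsb, account)))

def check_invoice(supplier_id, bsb, account):
    """Return 'PAY', 'HOLD_VERIFY_CHANGE' or 'HOLD_UNKNOWN_SUPPLIER'."""
    on_file = SUPPLIER_MASTER.get(supplier_id)
    if on_file is None:
        return "HOLD_UNKNOWN_SUPPLIER"
    claimed = normalise(bsb, account)
    if claimed == on_file:
        return "PAY"
    if (supplier_id, claimed) in VERIFIED_CHANGES:
        # The change was confirmed manually: promote it to the master file.
        SUPPLIER_MASTER[supplier_id] = claimed
        VERIFIED_CHANGES.discard((supplier_id, claimed))
        return "PAY"
    # Details differ from the record and nobody has verified the change.
    return "HOLD_VERIFY_CHANGE"

if __name__ == "__main__":
    print(check_invoice("SUP-001", "062 000", "12345678"))
    print(check_invoice("SUP-001", "062-000", "9999 0000"))
```
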

By following these steps, you can reduce the risk of falling victim to invoice redirection scams. If you need assistance in setting up cyber security for your business, contact us!
