Like many businesses in recent times Fox and Thomas was this week the victim of a malware/phishing attack by unknown parties.
Unfortunately, they managed to gain email addresses for a number of clients and colleagues. While we hope there are no ongoing issues, we felt it would be worthwhile sharing some of the impacts that we are aware of from clients and colleagues in recent times.
We understand one of the biggest risks from this kind of breach is subsequent phishing attempts with fake invoices or requests for payment. There have been many instances where businesses and individuals have been targeted by scammers who send an invoice, or payment request, using the businesses branding that look authentic, but with altered bank account details. Large organisations are particularly vulnerable as often the accounts department will look after payment processing.
As a general rule, we recommend if you receive invoices with changed bank account details that you confirm the change with a telephone call. Email confirmation may not be reliable. Once you have confirmed the change is correct then save those details in your online banking records.
With email communication and the use of online search engines, it is vital that not only is your operating system software updates current, but that you maintain current virus protection with regular scanning. Often this will be the only defence against malware attacks as a result of clicking on links or downloading malicious software applications.
As electronic fraud becomes increasingly sophisticated our measures to prevent this type of fraud continue to evolve. As a further defence, particularly against these login phishing scams, we are implementing a multi-factor authentication (MFA) system for our email accounts.
You can read more about multi-factor authentication online, but in brief it involves a two-step login process that generally uses both your usual login and also a call or text to your mobile phone requiring a response. You may have used a similar system for making larger or new payments via online banking.
With the ever-increasing speed of change, we are all required to continue to review our security measures to ensure we have the best possible systems in place to protect our businesses and confidential information.
If you have any questions or concerns, please contact Kerri Vincent on 07 4671 6000.