Is that really your boss on a video call?
A clever new fraud is targeting staff: criminals impersonate their boss on a video call to steal from the business’s bank account.
Cyber security expert John Miller, of Smarter Technologies Ltd, says it’s too easy for staff to be fooled.
“Imagine you were on a video call with your boss. That’s an everyday situation right now,” he said.
“But your boss claims their audio and video isn’t working properly. There’s just a still picture of them displayed.
“Instead they are messaging with you via the chat function, saying how frustrated they are with technology! They throw a few urgent tasks at you, including asking you to pay an urgent invoice from a new supplier. It’s a very feasible situation and many people would just pay.”
But in that scenario it’s not the boss at all and there’s no new supplier. It’s a cyber-criminal, who has got access to the boss’s email account and set up the whole thing. The funds are going into their bank account.
“Just by breaching the boss’s email account, they can send emails to set up video calls and reset the password for the video call platform,” John added.
“Moving the conversation onto a video platform is very smart. Psychologically, most people would believe it was their boss who was connected. And AV issues can be common on calls.”
John says the best defence against this is to stop hackers from getting into email in the first place. That means using long random passwords, a password manager to remember them, and multi-factor authentication – where you generate a login code on a separate device.
Regular training can also give staff the confidence to challenge the person they’re speaking to if something doesn’t feel right.