As a reminder, AAFCPAs warns of sophisticated cyber phishing attacks directed specifically at senior executives and other high-level targets within businesses and organizations. We have seen an uptick in the frequency of these types of attacks, called whaling schemes, in which cyber criminals send a highly convincing business email that may appear to come from a legitimate business authority, or even from an internal colleague. The content is tailored for upper management, generally with the goal of tricking financial staff into making fraudulent wire transfers to bank accounts controlled by thieves. These targeted attacks are known to exploit the close relationship between CEOs and CFOs. Other reported whaling schemes include emails appearing to be a legal subpoena or a customer complaint.
The FBI calls such campaigns Business Email Compromise (BEC) and has noted that as many as 7,000 US businesses have been victimized by such scams over the past two years, resulting in some $740 million in losses.
AAFCPAs encourages our clients to develop countermeasures to these risks, including regular security awareness training of employees, adequate internal control processes, and regularly updated and assessed technology controls.
At a minimum, use caution when responding to emails, even if they appear to originate from a trustworthy source. Question the source and the intent of such emails. Do not reply to those emails; instead, pick up the phone and verify the validity of the request with the source.
For more information about cyber security and IT risk assessment, please contact your AAF Partner, or James Jumes, leader of AAFCPAs’ integrated business & IT advisory practice at: 774.512.4062 or jjumes@nullaafcpa.com.
James joined AAFCPAs in 2013 to lead the firm’s Business Process & IT Consulting practice. He leads a team of senior technologists in the delivery of solutions related to business intelligence & productivity, information risk management and cybersecurity, and special IT attestations, compliance, and certifications. His goal is to strengthen the links between people, process, and technology, which increases productivity and drives business growth.
James has more than 30 years of experience working with information technology …