Not much will ruin a vacation faster than getting a call from your office that someone fell for a wire fraud phishing attack, and your company has lost $100,000. Executive team vacations are a popular time for cybercriminals to strike, especially with CEO impersonation attacks.
But a little bit of planning before you leave the office can greatly reduce the chances of your team falling victim to an attack. Here’s what to do:
1. Have a secure method for accessing wi-fi if you need it.
Public wi-fi typically isn’t secure. It’s not hard for a hacker with a little bit of experience to see what you’re doing if you’re on an unsecured wireless network, including what credentials you’re using when you log in to an account.
It’s also not hard for a cybercriminal to set up a network that looks like free public wi-fi that they can use to steal your data. If you’ll need to access wi-fi, using your phone as a hotspot is a much safer option.
2. Be smart about what information you’re sharing outside of your company before and during your vacation.
How do cybercriminals know when you’re out of the office? Probably because you posted about it on social media. That doesn’t mean you shouldn’t ever share pictures from your family vacation on Facebook, or tweet about how you’re excited to attend an upcoming conference. But be aware that you’re sending out a signal that you’re out of the office when you do. Consider waiting until you get back to post.
If you’re like most people, when you’re out of office, you turn on an automatic reply with information about who to contact while you’re away. That’s helpful for people trying to contact you for legitimate purposes—and helpful for cybercriminals who want to target your company in a wire fraud attack.
They use these to figure out who your backup contacts are while you’re out of office, then pose as you and send them emails requesting money urgently. This blog post covers it in more detail.
If you need to use an out-of-office reply while you’re gone, be smart about what you’re putting in it. If you need to put a backup contact, use generic email addresses instead of specific team members—like firstname.lastname@example.org instead of your backup contact’s name.
3. Communicate with your team before you leave about how to respond to requests.
If you do need something from the office while you’re out, especially if it involves money or sensitive data, don’t request it via email. If your team gets an email request for anything involving money or sending sensitive data, they need to confirm it via some method other than email, preferably a voice conversation (and they need to initiate the other communication method to ensure it’s real).
And, more importantly, make sure your team knows you won’t be requesting it via email. Talk to your team ahead of time and set very clear, and very strict, standards about how they should respond to requests while you are away. No exceptions—no matter who makes the request or how urgent the request is.
Really, this should be a standard for all times, not just while executives are out of the office. Wire fraud attacks are becoming increasingly popular and can cost your company thousands of dollars. And once the money is gone there is no getting it back.