Unfortunately, attacking from the inside is still a popular choice for hackers and fraudsters. Phishing attempts have gotten a lot better, with legitimate-looking emails asking for sensitive account information or deploying malware with a single click.
Phishing attempts are no longer limited to email. According to the 2022 Global State of Mobile Phishing report, more than 50% of personal devices were exposed to mobile phishing every quarter. These include tactics like voice phishing, SMS phishing, and QR code phishing.
Employees must be on the lookout for such attacks. For that to happen, they need to recognize phishing attempts through ongoing education, especially in the rise of fraudulent payments, such as check fraud, and AI-fueled attacks.
“I've talked to some … folks that have had people listen in on earnings release calls and record those to get the computer to learn the cadence of speech and tone,” said another attendee of Atlanta’s Insight on the Road. “They can use AI tape technology, call a finance person, leave them a voicemail in the voice cadence of your CFO saying, ‘Hey, I need you to send this money to XYZ.’ And you can hardly tell the difference.”
Work with your IT team to determine the best way to do combat phishing and fraud efforts, whether it’s online coursework, internal memos about the latest phishing schemes (with examples), or other education.
And it should go without saying that your team’s security tactics should be top-notch. Strong password requirements, multi-factor authentication, and limiting devices with access to sensitive data can go a long way in stopping fraud in its tracks.
To further survey the weak spots your organization may have, review your payments acceptance policies and encourage business partners to modernize how they pay. If check fraud is a significant concern, ACH and eCommerce could serve as an alternative to checks.