Lessons Learned from a Close Call with a Sophisticated Phishing Attack

Written by Heather L. Cole, February 22nd, 2024

Last week brought to light a harrowing experience as Lodestar had a close call with a phishing attack. This close call served as a stark reminder of the sophisticated threats lurking in the digital realm. A routine follow-up with a client on a past due notice took an unexpected turn when communication abruptly ceased, unveiling a sinister plot by a phishing scammer who had infiltrated our email exchange. (Yes, we use Microsoft and leverage multifactor authentication.) The attacker, posing as our team, deceitfully requested a change in the ACH payment details, aiming to reroute a significant sum to a fraudulent account. This revelation came about when an accounts payable person from the client's side raised a red flag about a delayed payment due to supposedly updated bank information. The accounts payable person had called to validate the request, and the attacker answered, posing as a Lodestar team member.

This incident was a wake-up call, emphasizing the need for heightened vigilance and robust protocols in our interactions. The scammer had crafted emails with such precision, complete with a forged form and a seemingly legitimate bank letter from JP Morgan Chase, that they nearly succeeded in their ploy. Our saving grace was the immediate action taken to clarify the unchanged status of our bank details, a step that prevented a potentially disastrous financial loss.

Hard-Earned Insights

The ordeal shed light on several key lessons:

  1. Verification Protocols: It's imperative to establish stringent verification processes for any changes in account details. In an era where AI can convincingly mimic voices and even create realistic video responses, traditional validation methods may no longer suffice.
  2. Scrutinize Communication Channels: Always verify the authenticity of phone numbers and email addresses provided for financial transactions. An unfamiliar contact detail should raise immediate suspicion.
  3. Payment Validation: Instead of relying on easily accessible information like the last four digits of an account number, request validation of the exact amount of the last payment. This adds an additional layer of security to the verification process.
  4. Training for Vigilance: Educate all team members, especially those in accounts payable, to recognize potential red flags, such as sudden changes in communication style or unexpected requests.
  5. Advance Notice for Changes: Implement a policy requiring a 30-day notice for any changes to payment details, allowing ample time for thorough verification.
  6. Authentication of Bank Letters: If a bank letter is provided, ensure it includes verifiable contact details of the bank representative. A quick call or email to these banking contacts can unveil a fraudulent attempt. Another option is to look the person up on LinkedIn: do they exist?
  7. Leverage Technology: Utilize ACH debit controls to restrict unauthorized withdrawals and consider adopting a positive pay system to verify checks before they are processed.
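Lessons 1, 2, 3 and 5 can be combined into one accounts payable check that runs before any ACH detail change is accepted. The code below is an added example, not Lodestar's procedure; the vendor record, phone numbers, amounts and dates are constructed. Its key point is the one the incident makes: a request from the genuine vendor domain still fails when the callback number and the last payment amount do not match what is on file.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from decimal import Decimal


@dataclass
class VendorRecord:
    """What accounts payable already holds for the vendor (constructed sample)."""
    email_domain: str
    phone_on_file: str             # recorded at onboarding, never taken from an email
    last_payment_amount: Decimal


@dataclass
class ChangeRequest:
    """An emailed request to redirect ACH payments (constructed sample)."""
    sender_email: str
    callback_phone: str            # the number printed in the email or bank letter
    claimed_last_payment: Decimal  # requester's answer to "what was the last payment?"
    effective_date: date
    received: date


def verify_change(req: ChangeRequest, rec: VendorRecord,
                  confirmed_on_file_number: bool, notice_days: int = 30) -> list[str]:
    """Return policy failures; an empty list means the change may be processed.
    A sender-domain check alone is not enough: mail from a compromised mailbox
    passes it, so the call back to the number on file is what catches the fraud."""
    failures = []
    if req.sender_email.rsplit("@", 1)[-1].lower() != rec.email_domain.lower():
        failures.append("sender domain differs from the vendor on file")
    if req.callback_phone != rec.phone_on_file:
        failures.append("callback number in the request is not the number on file")
    if not confirmed_on_file_number:
        failures.append("change not confirmed by a call to the number on file")
    if req.claimed_last_payment != rec.last_payment_amount:
        failures.append("requester could not state the exact amount of the last payment")
    if req.effective_date < req.received + timedelta(days=notice_days):
        failures.append(f"less than {notice_days} days notice before the change takes effect")
    return failures


def incident_like_request() -> tuple[ChangeRequest, VendorRecord]:
    """Constructed request shaped like the one in the post: it comes from the real
    vendor domain (compromised mailbox), supplies its own callback number, asks for
    an immediate change, and the caller cannot name the last payment amount."""
    rec = VendorRecord("vendor.example", "+1-555-010-0001", Decimal("4250.00"))
    req = ChangeRequest("billing@vendor.example", "+1-555-010-9999",
                        Decimal("4000.00"), date(2024, 2, 15), date(2024, 2, 15))
    return req, rec
```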

This incident not only highlighted the importance of being proactive in securing financial transactions but also reinforced the value of transparency and communication with clients. By immediately alerting our clients to the potential threat and reaffirming that our banking details had not changed, we strengthened our relationships and collective security.

Moving Forward

In light of this experience, we revisited and fortified our banking procedures, a testament to the continuous need for vigilance in the digital age. This story serves as a cautionary tale and a call to action for businesses to reassess their cybersecurity measures, particularly concerning financial transactions. The sophistication of phishing scams is ever-evolving, and staying one step ahead requires both adopting advanced security measures and fostering a culture of awareness and skepticism toward any unsolicited changes in financial procedures.

Let our story be a reminder of the cunning tactics employed by cybercriminals and the crucial importance of maintaining stringent security protocols. In doing so, we not only protect our assets but also preserve the trust and integrity of our business relationships.

To all our Financial Executive friends, please take a minute to review your procedures for changing bank information. I am happy to discuss what I almost learned the hard way!

Lodestar is a boutique firm that prides itself on honesty and transparency. Whenever we learn something new, we share it! Be sure to check out other Lodestar Solutions blogs HERE to learn more about better business practices.