Through Business Email Compromise, e-mail and data breaches on the vendor side can leave your account susceptible to attack and subject to the loss of significant funds.
To protect your organization, it is important to conduct due diligence before sending funds electronically, including:
- When you receive a payment request from your vendor via e-mail, contact them through a different method (such as a phone call to the number on file) for verification
- If the payment instruction includes new bank or account information, be vigilant with authentication
- Be careful with sharing identifying information online or on social media
- Don’t click on anything in an unsolicited email or text message asking you to update or verify account information; verify the company’s phone number independently
- Carefully examine the email address, URL, and spelling used in any correspondence. Pay attention to minute details, including spellings, and verify that the site is trusted
- Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you
- Confirm requests to transfer funds or make changes to an account by phone, as part of two-factor authentication, using previously known numbers on file
- Once your vendor confirms the authenticity of their request, ask for an additional e-mail confirming the phone verification. This is important if the phone call was not on a recorded line
- Be wary if the requestor is pressing you to act quickly
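
For teams that pre-screen e-mailed payment requests before the call-back, the checks above can be expressed as the following added example (not part of the original advisory). The vendor record, domain, phone number, account number, urgency word list and the `screen_request` helper are all constructed for illustration.

```python
import re

# Constructed vendor master file: the "on file" details the checklist relies on.
VENDORS_ON_FILE = {
    "acme-supplies.example": {"phone": "+1-555-0100", "account": "000123456"},
}
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def screen_request(sender, account, body):
    """Return (flags, callback_phone) for one e-mailed payment request."""
    domain = sender.rsplit("@", 1)[-1].lower()
    flags = []
    matched = domain if domain in VENDORS_ON_FILE else None
    if matched is None:
        near = [d for d in VENDORS_ON_FILE if edit_distance(domain, d) <= 2]
        if near:
            matched = near[0]
            flags.append(f"sender domain {domain} is a lookalike of {matched}")
        else:
            flags.append(f"sender domain {domain} is not on file")
    vendor = VENDORS_ON_FILE.get(matched)
    if vendor and account != vendor["account"]:
        flags.append("bank account differs from the account on file")
    if URGENCY.search(body):
        flags.append("request presses for quick action")
    # The phone number always comes from the master file, never from the e-mail,
    # and a call-back is due even with no flags: a breached vendor mailbox
    # sends from the genuine domain.
    return flags, (vendor["phone"] if vendor else None)


if __name__ == "__main__":
    print(screen_request("billing@acrne-supplies.example", "999888777",
                         "Please wire today, this is urgent."))
```

An empty flag list does not replace the phone verification; it only means nothing in the message itself stood out.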