Bath businesses are being urged to guard against sophisticated new cyber scams that use fake emails to trick finance staff into transferring funds into the criminals’ bank accounts.
The warning has come from specialist support firm Priority IT, which has had two of its clients targeted by online fraudsters in this way recently.
The scammers duped the businesses out of tens of thousands of pounds by sending email messages from what appeared to be their bosses and suppliers to their accounts departments asking them to move funds to into their accounts.
Trowbridge-based Priority IT managing director Kieran Thomas said the fraudsters sent an email to the financial controller of one of its clients that looked like it had come from the managing director, asking him to transfer money urgently to an overseas bank account.
“The criminals had set up a domain name that was almost identical to the MD’s email address, apart from one character that was different,” he said.
“Another client received an email purporting to be from a supplier in the Far East, notifying them that their shipment was ready for despatch and asking for payment. Again, the bogus email address was only slightly different from the real one.
“The fact that two of our clients have been targeted in this way means there could be many more local businesses at risk from the scam.”
Priority IT is urging Bath businesses to take action to protect themselves from such sophisticated attacks, known as ‘whaling’.
“You should instruct staff to confirm any email payment requests verbally with you first, or include a secret word or phrase in your emails to validate any payment requests,” said Mr Thomas.
“While the email addresses were incorrect in both the cases we have seen, the names of the managing director and supplier appeared correctly. So staff also need to check the ‘To’ email address and shouldn’t rely on just the name displayed when judging the authenticity of emails.
“By teaching your staff to be vigilant you can keep one step ahead of the criminals.”
Businesses unsure about the authenticity of a particular email can forward it to Priority IT at support@priorityit.co.uk and they will check it.
Priority IT was founded in 2010 by Trowbridge-born Kieran Thomas to provide professional IT support to local businesses. He had previously managed an IT support company servicing in-house clients across Wiltshire and Somerset.