Policy News Journal - 2015-16

Be on the lookout for unexpected invoices 17 April 2015

Fraudsters are targeting businesses by hiding malware inside fake invoices emailed to them which then steal online banking credentials.

New information has come from Financial Fraud Action UK’s ( FFA UK ) intelligence unit – the Financial Fraud Bureau.

The new tactic involves fraudsters emailing a business with an invoice purporting to be from a regular supplier or other trusted source. The invoice will be a normal looking word processing or spreadsheet document, however to view the file the recipient has to enable a macro – a set of pre-programmed instructions for a computer. Unknown to the user, this macro actually installs malware – malicious software – onto their computer. The malware, which can infect the business’ entire computer network, will then log the company’s online banking credentials, along with other financial information, before sending it back to the criminal. The data is then used to steal money from the business’ bank account. It is thought that fraudsters are changing their tactics as businesses become increasingly aware of the threats posed by unsolicited phishing emails. In this new method, criminals often try to mimic the email address of a legitimate supplier, or compromise their email address, in a bid to trick the recipient into thinking the invoice is genuine. In some cases, fraudsters will even replicate the email address of someone working in the same company as their victim, tricking them into thinking the invoice has come from a colleague or manager.  Be on the lookout for unexpected invoices or unusual payment requests, especially those arriving in different file formats to normal.  Avoid enabling any macros on an untrusted document. (Macros in themselves are not dangerous and do serve a legitimate purpose – but they can be used to hide malware).  If you’re suspicious – don’t reply to the email but instead call your supplier on the number that you have on file to check the authenticity of the invoice.  Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.  Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission. This can be achieved through investing in IT and seeking professional advice.  Consider using a separate computer dedicated to making online payments to minimise security risks To avoid becoming a victim of the scam, accounts departments are being warned to: Three-quarters of staff not told what they need to achieve to get a pay rise 17 April 2015 CIPD warn that unless employers start thinking more strategically about pay and improving communications about pay decisions, they will not only fail to meet rising expectations but are also unlikely to see their increased salary bills paying off in the form of much sought after productivity gains. Research from the CIPD, the professional body for HR and people development, reveals that more than half of UK workers (53%) received a pay rise in 2014 (compared to 51% in 2013) and almost two-thirds (63%) are optimistic about receiving more money in 2015 But the ‘Employee attitudes to pay and pensions’ survey found that the typical pay rise has been just 2% for two years running, leaving almost half (48%) unsatisfied with their employer's pay decision. The majority expect the same level again in 2015 yet more than three-quarters of staff (76%) haven't been told what they need to achieve to get a pay rise and just a quarter (26%) of workers agree that their employer is giving them the training they need to increase their earnings in the future.

Charles Cotton, Performance and Reward Adviser at the CIPD, comments:

"This month, many employers will be spending a lot of money on increasing their employees' pay as part of their annual pay reviews. But to get a return on this investment our research suggests that employees are more likely

CIPP Policy News Journal

25/04/2016, Page 96 of 453

Made with FlippingBook - Online magazine maker