Major market events like the recent Silicon Valley Bank development create opportune moments for criminal actors to commit fraud against unsuspecting company leaders via targeted social engineering campaigns.
As part of our commitment to serving our customers, we wanted to share a few best practices for avoiding fraud and mitigating risk to your business during critical account transitions.
Only share vendor payment information through secure channels.
Avoid sending sensitive payment information using unsecured channels, including phone, text, email, or Slack.
Monitor for vendor/supplier payment update requests.
Recent reports show that fraudulent actors are posing as companies that previously banked with SVB or Signature Bank, advising customers of those companies to send future payments to a different bank. Common indicators include email body misspellings or abnormal sender addresses. Always confirm requests to update vendor settlement instructions directly with a known contact at the vendor. Do not use contact information provided in the same communication containing the updated settlement instructions, instead use prior or existing contact information you have on file with the vendor.
Remind your employees to remain vigilant.
If you haven’t already, now is a good time to reiterate your company phishing reporting policies and provide examples of what to look out for – this applies to all employees from founders and finance to sales and support staff.
Require two-factor authentication.
Pay special attention to failed login attempt notifications, particularly with accounts assigned to senior executives and your finance department.
When in doubt, validate with your IT department.
Overcommunication is key to preventing problems caused by targeted phishing campaigns in light of events like the SVB collapse.
We are continuing to work around the clock to onboard new Rho clients. If you have any questions or concerns, please do not hesitate to reach out. We are here to help.