Wow. The hackers picked the PERFECT invoice to hack: a TradeMe sale. This was a one-off payment to a new account (so the Golden Bay business wouldn't have the payment details already on record). The worst of it is that the business was unable to make a claim on their insurance, as, by the time the whole debacle was unwound by the Police, it was more than twelve months down the track.
In my view, the business did not act foolishly. Both the employee and the Tauranga school teacher did.
- The GB employee should not have loaded an unverified memory stick into the work system. Habitually using a sandboxed machine may have prevented the malware payload... although it is hard to know without knowing the technical details. The employee stopping to think about the potential ramifications would have helped.
- The Tauranga school teacher could have asked why the SA man could not have used PayPal; or checked the reference or the code on the deposit to her account and then checked with her bank. The 'if it feels too good to be true, it is too good to be true' dictum needs to be followed, particularly for internet romances. More suspicion and critical thinking are required when our only experience of someone is virtual.
What else? We need to run malware and other checks regularly. Keep antivirus software up to date. Train our staff, and get them to read articles like the one below so they are regularly reminded how we all contribute to organisational safety.
This has made me cringe, as students often bring their work in on a memory stick, despite me asking them to upload their files into our online dropbox. There is nothing like a reminder to NOT let any unverified memory sticks into our networks. A timely reminder for me to get students - and clients - to follow the rules, with no exceptions on memory sticks, and to tell them why.
At home I use an old laptop for memory sticks. Also, when I lend memory sticks, I reformat them afterwards on that sandboxed machine, and this is a good reminder of why I should continue to do that.
And I would be interested to hear any other simple ideas that a small business could adopt to avoid such scams :-)
Sam
- Reference: Hindmarsh, N. (21 November 2017). Complex scam sees hacker steal thousands from unsuspecting Kiwis. Retrieved 22 November 2017 from https://www.stuff.co.nz/business/99085989/complex-scam-sees-hacker-steal-thousands-from-unsuspecting-kiwis