Preventing Invoice Hijack and Business Email Compromise2019-01-02T12:04:48+00:00

VaultConnect | Prevent Invoice Hijacking and Business Email Compromise

Businesses worldwide now face an unprecedented challenge from fraudsters who bypass traditional cyber security measures.

Business Email Compromise in its multiple guises now accounts for losses of over $12.5bn worldwide.    Sophisticated phishing attacks, sender impersonation and the interception of genuine emails are prevalent and increasing rapidly.   Fraudsters target financial transactions and hijack invoices to divert payments into accounts that they control.

Most email security measures rely on scanning incoming emails to identify anomalies.  This approach is limited to identifying scams where a fraudster is using a spoofed domain, malicious links or patterns of language common to a scam.  This only affords organisations protection against a small sub-set of the Business Email Compromise threat.

More sophisticated business email compromise scams (such as this one for example) use the email addresses of genuine suppliers.  The fraudsters adopt patterns of language used by the usual email sender and construct elaborate steps to evade detection.  Confirmation calls and other mechanisms of verification can also be pre-empted.

If an organisation were to rely on email security software to remove 100% of emails posing a threat, every legitimate invoice or email about a conversation would be captured.  100% False Positives.

Firms wishing to secure their processes are only as secure as their least vigilant supplier whilst ever there is a reliance on email for communication about financial transactions.

The only effective solution is to remove Means and Opportunity for the fraudster.  Taking the transaction details (invoices, bank details – even purchase orders) out of email and placing them in a secure environment where the parties involved can easily share information and communicate.

VaultConnect provides businesses with a highly effective and productive means of securing invoicing from suppliers and to customers.   

How VaultConnect removes the risk

By creating a secure environment for sharing and exchanging information, VaultConnect removes the fraudster’s access to the email exchange.   It is also possible to lock down read and edit access to the bank details where payment should be made – ensuring that only the intended recipient can provide details.

A shared area for information exchange creates the foundation for a secure process.  If business rules dictate that payments are only made to bank details that are within a secure Vault, then even if somebody poses as the other party in the transaction by email both parties know that the correct information is in the Vault.

As the Vault is accessible from any device on any modern browser, it also ensures that somebody posing as the CEO or Financial Director can be referred back to the Vault to update details.   There is no reason why they should be requesting payments by other means.

Each party in the transaction is alerted by when action within the Vault is necessary – but no details of what and why is visible to a fraudster, even if an account is monitored.

The process is secure, the tool is secure and the method is simple.   Don’t Transmit.

Business Email Compromise | Articles and Resources

Go to Top