Employees have numerous responsibilities and duties when working for a governmental entity. Whether it’s a state or local government, or a public or charter school system, being a governmental employee requires a deep understanding of the internal controls and procedures that keep operations compliant with laws and regulations and meet the needs of constituents. The same diligence applied to operations should also be applied to an entity’s cybersecurity measures.
One type of attack that scammers often aim at government workers is Electronic Fund Transfer (EFT) fraud, because employees frequently collaborate with outside vendors. Scammers have become more elusive with their schemes as many organizations, including governments, turn to paperless financial options. To ensure that your organization doesn’t fall victim to EFT fraud, here are three significant red flags and prevention techniques to consider implementing at your workplace.
Signs of EFT Fraud
Request sent by email. One of the most common signs of EFT fraud is a fund transfer request that arrives by email. Fraudsters can easily make an email appear legitimate by using basic contact information obtained from social media or company websites. This type of email manipulation with the intent of accessing crucial information is called phishing. To avoid falling prey to a phishing attack, it’s best practice to never respond to an email request. Instead, call the requestor directly using the contact information you normally use, not what’s provided in the email, to verify the request.
Urgent messaging. Whether it’s with an email or phone call, another tactic fraudsters love to use is urgency. Whenever someone requests a transfer with an abnormally tight deadline, always be wary and confirm legitimacy before taking any action. Even if it appears to be a senior leader calling you with the request, be sure to double-check with that person afterward by returning the call using their known contact information before proceeding. There is always time to wait and confirm the transfer is secure; being safe will always take priority over meeting a deadline.
Vendor account changes. This sign often pairs with the email request red flag noted above. Anytime a vendor notifies you of bank account changes, it’s best to verify with the contact using a trusted method of communication and never assume the change is legitimate without double-checking.
Prevention Techniques
Regular phishing training. With most fraud attempts occurring via email, having employees take routine training is a terrific way to equip team members with the knowledge and resources to spot a phishing attack. Training should be continuous and regularly updated, just as fraudsters evolve their methods to trick their victims.
Robust EFT protocols. Paperless financial processing is the way of the future, so now is the time to implement strong internal controls around EFTs. Some of these controls might include:
- Establishing limits around the amount of money that can be involved in an EFT
- Requiring verbal confirmation of EFTs by the known party or two-factor authorization of fund transfers
- Having more than one employee be involved with processing EFT requests
- Performing test transfers with a small amount of money before sending the transfer in its entirety to validate the account
Ensure computers are secure. Investing in strong anti-virus software for the computers at your organization is crucial to protecting against malware and cyber-attacks. Depending on the cyber-attack, a fraudster can remotely control an employee’s computer and gain access to critical information like account details. Robust security software can monitor and detect an attempted attack so confidential information remains just that.
The amount of money lost due to EFT fraud can be devastating to a governmental entity. Embracing a culture of education and wariness in the workplace is incredibly important for making a long-lasting difference in avoiding cyber-attacks. By communicating the common signs and implementing strong protocols, you can rest assured that your organization is protected against fraud. If you are curious to see how your current security measures stack up, BerganKDV can help. Take our free mini-assessment to determine the health of your organization’s information security.