Burgess Hodgson Helps Hi-Way Services Through Major Acquisition
Posted: Case Studies News
Posted: News
Phishing scams are nothing new. In a high-tech world, however, they are smarter and more difficult to spot than ever. The good old days of badly spelt emails from Nigerian Royalty with money troubles are long gone. In their place are hyper-personalised, highly sophisticated and realistic messages harnessing the latest AI. To beat them, everyone has to be on their toes.
Just recently, we learned our own clients were the target of a scam, with an email that looked realistic and believable. It came from what, at first glance, looked like our domain, and asked the client to make a tax payment into a new account.
The email included lines like:
“I have personally just confirmed this is the bank details for all payments going to HMRC and will be the only bank details to be used.”
“We would be most grateful if you could give these matters your urgent attention to avoid penalties or serious issues with HMRC’s online services.”
Sounds legit, right? Sounds pressing too, right? A professional-sounding email, decent grammar and from a named person within the company, using our company email signature and believable domain. It’s easy to see how even a seasoned professional who has seen more than their fair share of phishing scams could be taken in.
But if you’re not extremely careful, not only could you lose a substantial amount of cash, but HRMC may well still be waiting for their money with all the penalties that might come with it.
Today, phishing scams are a world away from the old mass-mailed AOL password tricks of the 90s. They have become incredibly sophisticated, harnessing the latest AI and automation technology to effect realistic deepfake impersonations.
Attackers can gather publicly available information from sites such as LinkedIn, Facebook, X, earnings calls, conference talks or any public-facing site to tailor highly convincing personalised emails. AI technology can even be used to replicate the voice, video or writing style of individuals to make the attack seem hyper-realistic.
Let’s start by highlighting the red flags common in most scam emails (including the one referenced above).
Crucially, in our example email, many of the clearest signs are hidden away in the sender information. There were some other hints of a scam, such as the Account Name the scammer gave was a personal name, not a business name, and definitely not an HMRC account).
If you receive an email like this, seemingly from a known contact – and especially if it’s asking you to make a payment – verify the information in the email using the contact details you have on file for that person. Don’t just reply to the email, and definitely don’t make a payment into a new account – get clear confirmation direct from a source you trust.
Make sure everyone in your business is educated on the potential threats. It only takes one careless click or payment from one individual to breach your defences (and potentially lose you a lot of money).