Reply to post: Don't think so

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

Pascal Monett Silver badge
WTF?

Don't think so

The real solution is to have proper checks and balances, and a CRM solution that is up to date.

If these spammers can send you mail that looks like your Financial Officer in <other country> needs money, then they can probably send you one that looks like the Secure Mail conditions are correct, even if the normal flags are red.

Managers are not technical people. However, sending money should be an easy affair of telling the local accountant : send this amount to our <country> branch, and ask a report as to why they need the money. The accountant then fires up his accounting package that has the IBAN account number and does the transfer.

Of course, the real CEO of <country> branch then calls to find out what the hell is going on. the situation is resolved without trouble.

The issue is only that people get mails telling them to wire money to an account in the email. Sorry, that should just never work. You tell me to send funds to one of my suppliers, I don't need your mail to know what account to send the money to. I will also check whether or not I have any pending invoices with that customer before sending anything.

Organization, people. It is just inconceivable that major organizations depend on IBAN account numbers sent in emails to do their work. If they are so big as companies go, then they have all the details in their accounting packages, so why is this a problem ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019