Monday, November 20, 2006

PHISHING OR JUST BAD BILLING - A TALE OF TWO EMAILS

This week we observed two interesting events in our offices. One was an excellent phishing attempt and the other a bad billing system. Both of these events illustrate problems for business owners and individuals.

We have become very adept at spotting phishing here at KnightsBridge Castle. This morning we were notified by American Express about our business account and the necessity of capturing our business expense records before year end. The email said that to print out our business records we should click on the Amex link provided in the email and print the records. We clicked, and were presented with a very good-looking clone of the Amex site. It pitched signing up for the service of printing the expense records. All we had to do was log on. At this point we stopped. Why?

We don’t have a KnightsBridge Castle corporate account with American Express. And the corporate accounts we do have allow us to print records as part of the basic service. Further, our systems searched for the URL identifier of the linked site and came back with an unregistered URL! Further investigation indicated the possibility of a redirect from the URL to an unknown site. Was this a scam? Absolutely.
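The two checks the paragraph above describes, whether the link's visible text matches where it actually points, and whether the destination redirects somewhere else, are worth automating for every link in a suspect email. The script below is an added example, not the tooling KnightsBridge Castle used: the email body, the redirect table (standing in for live HTTP 30x responses) and the list of vendor domains the recipient genuinely deals with are all constructed assumptions for the demo.

```python
"""Phishing-link triage for an HTML email: compare what each link shows with
where it really goes, then follow the redirect chain to the final host.
Added example; the email, redirect table and brand list are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: registered domains the recipient has real accounts with, plus
# the name fragments a lookalike host would borrow from each brand.
TRUSTED_BRANDS = {
    "americanexpress.com": ("americanexpress", "amex"),
    "paypal.com": ("paypal",),
}

# Constructed sample: a lure styled as a year-end expense-record notice.
SAMPLE_EMAIL = """
<p>Print your 2006 business expense records before year end.</p>
<a href="http://amex-expense-records.example.net/login">
  https://www.americanexpress.com/business/records</a>
<a href="http://click.example-tracker.com/r?id=42">Print records now</a>
<a href="http://secure-paypal-billing.example.org/invoice">View invoice</a>
<a href="https://www.americanexpress.com/privacy">Privacy statement</a>
"""

# Constructed table standing in for live HTTP redirect responses.
REDIRECTS = {
    "http://click.example-tracker.com/r?id=42":
        "http://americanexpress.example-verify.org/print",
    "http://americanexpress.example-verify.org/print":
        "http://203.0.113.7/amex/login.php",
}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def registered_domain(host):
    """Naive eTLD+1 (last two labels); use a public-suffix list for co.uk-style TLDs."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def follow_redirects(url, table, max_hops=5):
    """Return the redirect chain from url, bounded so a redirect loop cannot hang us."""
    chain = [url]
    while chain[-1] in table and len(chain) <= max_hops:
        chain.append(table[chain[-1]])
    return chain


def classify(href, text, redirects=REDIRECTS):
    """Verdict for one link, checked in order of how damning the signal is."""
    chain = follow_redirects(href, redirects)
    final_host = host_of(chain[-1])
    final_dom = registered_domain(final_host)
    # 1. Anchor text shows a URL on one registered domain, href points at another.
    shown_host = host_of(text) if "://" in text else ""
    if shown_host and registered_domain(shown_host) != registered_domain(host_of(href)):
        return "display-mismatch"
    # 2. Lands on a domain we actually hold an account with.
    if final_dom in TRUSTED_BRANDS:
        return "ok"
    # 3. Lands on a bare IPv4 literal: no brand hosts a login page that way.
    if final_host.replace(".", "").isdigit():
        return "raw-ip"
    # 4. Host borrows a brand name without being the brand's registered domain.
    squashed = final_host.replace("-", "").replace(".", "")
    if any(tok in squashed for toks in TRUSTED_BRANDS.values() for tok in toks):
        return "lookalike"
    # 5. Redirected off the domain the email itself pointed at.
    if len(chain) > 1 and registered_domain(host_of(href)) != final_dom:
        return "redirect-offsite"
    return "unknown"


def triage(html, redirects=REDIRECTS):
    """Return [(href, verdict)] for every link in the email body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, classify(href, text, redirects)) for href, text in parser.links]


if __name__ == "__main__":
    for href, verdict in triage(SAMPLE_EMAIL):
        print(f"{verdict:18} {href}")
```

Against the constructed lure the first link is flagged because its visible text is an American Express URL while the href is not, the tracker link is flagged because the redirect chain ends on a bare IP address, the invoice link is flagged as a PayPal lookalike, and only the genuine americanexpress.com link comes back clean. In production the redirect table would be replaced by real requests issued with automatic redirect-following disabled (so each hop is inspected), and the "unregistered domain" test the post mentions would be a WHOIS or RDAP lookup on the registered domain of the final host.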


Now the other side of the coin.


We began to receive bills by email from a credit card processor to which we did not subscribe. The bills were from one of the largest firms. Our CFO and CPA were convinced it was fraudulent. False billing is a common fraud, and large companies often pay without thinking. We all reviewed the billing notice and the several others that followed. We did not respond.

Then our credit card processing was momentarily turned off. Why? It turns out that our credit card processor had been purchased by the larger company. The larger company had failed to notify us. The company with whom we had the account continued to process our information and send its billing data. However, due to confusion in the acquisition, the acquiring company had also sent billing records.

This then presents a new challenge to businesses. How can one determine if a bill is valid or if it is fraudulent? In our case we always assume fraud unless we have some certainty that it is valid. Our caution here bit us because the new company failed to properly notify us and to provide adequate and correct account information.

We will not change our policy on these bills. The acquiring company was PayPal. We have discussed this matter with them; they admit the error but seem to have little concern about the issue. Given the number of times the name of PayPal is used in phishing, we would expect PayPal to do a better job.
