Once a family oriented game for all ages, cyber criminals have changed the game and are continually changing the rules, so much so, organizations and individuals have challenges keeping ahead of their game. When someone sends emails pretending to be from reputable or well-known companies or known individuals with a goal of tricking individuals to reveal personal information, such as passwords and credit card numbers, that activity is known as phishing. Like fishing for information, phishing attacks can happen to anyone at any level of the organization. Some of the most costly phishing attacks have involved sending emails to employees in the accounting and finance departments that look like wire transfer authorizations from an executive level officer, such as the CFO or CEO. A well-meaning employee, in his or her desire to quickly respond to the request, fails to stop and scrutinize the details of the request. They may be hesitant to pick up the phone and call the executive or their supervisor to verify the request. Some phishing attacks are detected immediately while others fly under the organization’s radar. The longer the attack goes unnoticed, the more difficult it will be for the financial institutions involved to trace the wire to an account and recover the funds. That leaves the organization with no pairs to lay down, no cards to play, and the loser of the game. Have you been phished recently? Do you know the signs of a phishing attack?
NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.