SECURITY AWARENESS ACCOUNTS PAYABLE

Upload: hoangthuy

Post on 11-Apr-2018

WELCOME

SECURITY AWARENESS

Presenting:

• Connie Thompson, MIS

• Peter Swail, Internal Audit

ACCOUNTS PAYABLE

WHY THE EDUCATION?

Profile

1. Phishing emails

2. Mandate fraud

• More than 1 in 3 companies are impacted by economic crime

• In 72% of companies that suffer from fraud, at least one person inside colluded with the fraudsters

• 24% of organisations reported cybercrime in 2014. This will increase to 30% in 2015

WHAT IS PHISHING?

Email spoofing fraud where a scammer entices you to:

• reveal confidential information

• pay money to a fraudulent account

• give them access to your computer

EXAMPLE

[Five example slides; images not included in the transcript]

WHAT TO LOOK FOR

[email protected] vs [email protected]

• Misleading link

• Urgency

• A reward

• A link, an attachment or a phone number

WHAT SHOULD YOU DO?

• TPL, Alric Blake, Flora Djojo, Maksim Halauniou or any Vice President will never request a money transfer without a confirmation call

• You MUST confirm the request:

– Call/text/email the source using known contact phone numbers from the Alltech address book

– Lync confirmation

• Do not reply using the original email as you will be replying to the fraudster

WHAT SHOULD YOU DO?

1. Contact the bank to stop and retract the wire

2. Forward the fraudulent email to Tim Arthur, Mike Castle, Alric Blake, Flora Djojo, Maksim Halauniou and Peter Swail

3. Inform your manager

4. If you have shared your Alltech password, change it immediately at selfhelp.Alltech.com or call the ASSIST line anytime at 1-859-305-1654

FRAUD

• $3,500,000,000,000

• 5%?

WHAT IS MANDATE FRAUD?

Impersonation by phone, email, or post of a legitimate supplier requesting a change in the payment/bank account details which results in a payment to a fraudulent account.

WHAT TO LOOK FOR

• Inconsistencies or inaccuracies in the letterhead, address, signature or other component of an email or letter requesting a change in bank details

• Communication that threatens, conveys urgency, or asks for irrelevant information

EXAMPLE

[Three example slides; images not included in the transcript]

WHAT SHOULD YOU DO?

• Do not change any vendor information until you have confirmed the details with a trusted source via a call

– Verification should not be made through the contacts in the ‘change of details’ communication

WHAT SHOULD YOU DO?

1. Contact the bank to stop and retract the payment

2. Forward the fraudulent correspondence to Tim Arthur, Mike Castle, Alric Blake, Flora Djojo, Maksim Halauniou and Peter Swail

3. Inform your manager

4. Contact the vendor

COMPLETE THE PROGRAM

• https://aspen.alltech.com/sites/Campus/Training/Phish/SitePages/Phish.aspx

• Read

– ‘How to spot a phish’

– ‘Security Awareness – Accounts Payable’

• Complete

– Department of Defence online training

– Aspen survey

COMPLETE THE DOD PROGRAM

http://iatraining.disa.mil/eta/phishing_v2/launchpage.htm

TAKE THE SURVEY

https://aspen.alltech.com/sites/Campus/Training/Phish/Lists/Finance%20Team%20Training/overview.aspx

SUMMARY

“I see no more than you, but I have trained myself to notice what I see.”

Sherlock Holmes
