Supply chain fraud can happen in a number of ways, but we see far too many cases where the easiest and simplest things haven't been done, especially with e-mail and CRM systems. These are companies in the supply chain that haven't enabled Multi-Factor Authentication, and often haven't enabled Sender Policy Framework (SPF) or DMARC either, so anyone, anywhere can send email as if from them.
The pattern is a familiar one: a fake internal email from a colleague with a link to 'an important document', then a fake login page for the shared online drive that gives away the user's logon, and then that genuine account is used to send just one more email in an existing thread, topped and tailed like all those before. This will not be picked up by filtering services, because it is a genuine email, from a genuine mailbox of a genuine supplier, and the end user has no reason to believe it isn't a continuation of a genuine thread.
It is time for companies to test, educate and secure their supply chain, as ultimately this looks after their own interests too. It takes collaboration to keep everyone secure and in business.
You would be surprised by what we are able to deduce from a domain name or better still a header from a genuine email – use our FREE Supply Chain Check to test yours.
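The SPF and DMARC gap described in the first paragraph shows up in the TXT records a domain publishes. The sketch below is an added example, not the authors' Supply Chain Check or any code of theirs; it assumes the TXT records have already been fetched (from the domain and from `_dmarc.<domain>`), and every record string in it is a constructed sample.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lowercased keys."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def spf_findings(txt_records):
    """Findings for the TXT records published at the domain itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: no published list of permitted senders"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is delegated to another domain's record
        return ["SPF has no 'all' term: unlisted senders get a neutral result"]
    # A bare 'all' carries the default '+' (pass) qualifier.
    qualifier = all_terms[0][0] if all_terms[0][0] in "+-~?" else "+"
    if qualifier in "+?":
        return [f"SPF ends in '{all_terms[0]}': unlisted senders are not rejected"]
    return []

def dmarc_findings(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record: receivers get no instruction for failing mail"]
    tags = parse_tags(recs[0])
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return [f"DMARC p={policy or '(missing)'}: no action requested on failing mail"]
    if tags.get("pct", "100") != "100":
        return [f"DMARC pct={tags['pct']}: policy applies to only part of the mail"]
    return []

def assess(domain_txt, dmarc_txt):
    return spf_findings(domain_txt) + dmarc_findings(dmarc_txt)

# Constructed sample records for placeholder suppliers: (domain TXT, _dmarc TXT).
SAMPLES = {
    "supplier-a.example": ([], []),
    "supplier-b.example": (["v=spf1 include:_spf.example.net ?all"], ["v=DMARC1; p=none"]),
    "supplier-c.example": (["v=spf1 ip4:192.0.2.0/24 -all"], ["v=DMARC1; p=reject"]),
}

if __name__ == "__main__":
    for name, (domain_txt, dmarc_txt) in SAMPLES.items():
        print(name, assess(domain_txt, dmarc_txt) or "ok")
```

A clean result only covers spoofed senders: mail sent from a compromised genuine mailbox, as in the thread scenario above, passes both checks.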