CYBER SECURITY

BEWARE OF INVOICE FRAUD


Cybercrime and attacks on businesses are on the rise. Indeed, since the beginning of the pandemic, there has been a 220% increase in phishing incidents. 

 

At the moment, attempted invoice fraud is a frequent occurrence, and in November Banner was also the target of such a scam. Several customers received e-mails from cyber criminals posing as Banner. The fraudsters employed so-called “domain spoofing” to create deceptively real Banner mail addresses such as account@bannerbatterien.com.

 

 

Christian Ott
Chief Information / Digital Officer

WATCH OUT!

Customers were asked to pay open invoice items. In return, they would have received details of a fake Banner bank account for the transfer. Unfortunately, domain spoofing cannot be stopped entirely, which is why it is extremely important for each of us to be vigilant and to know how to recognise phishing emails. This year, Banner has tightened its IT security considerably, and e-learning modules that raise awareness of cyber attacks are in use at the locations in Linz-Leonding, Traun and Energy Solutions.

 

In addition, the rollout of these modules and of phishing simulations is currently in progress throughout the group. Up-to-date information on IT security topics is distributed via the bulletin board, the IT security newsletter, info screens and info boards. External IT security experts also provide the IT department with regular support regarding improvement measures, current threats and security gaps.

This year, another IT security audit will take place, in which our systems and human conduct will be checked thoroughly in order to uncover possible weaknesses.

TIPS ON PHISHING MAIL RECOGNITION AND PROTECTION MEASURES:

 

  • Sensitive content. Do not respond to requests such as, “Please enter your password, account details, etc. via the link.” No reputable company would make such a request.

 

 

  • Link preview. The visible text of a hyperlink often looks correct, but the link itself frequently leads somewhere else. One example from our phishing simulation: the link name intranet.bannerbatterien.com led to the bogus destination officeonline.com-s02net. If you hover the mouse over the link, you can see whether the name corresponds with the destination, but never click the link! This can lead to the installation of malware!

 

 

  • Urgency. People are easier to manipulate in stressful situations. Very short time windows are therefore an indication of fraud. An example: “Re-enter your password within an hour, otherwise your account will be closed.”