A Tale of Two Bookkeepers

Movaci Blog Article – August 7th, 2024 

In today’s highly interconnected business environments, the security of your supply chain is as critical as the security within your own company. Threat actors are increasingly targeting trusted vendors to compromise their customers. At Movaci, we see firsthand how devastating these supply chain attacks can be, particularly through phishing schemes that leverage compromised email accounts. Let’s explore a practical example involving our customer, Alpha Industries, to highlight the importance of security awareness training. 

The Scenario: A Classic Supply Chain Attack 

Imagine Alpha Industries, a manufacturing company with multiple trusted vendors. One of their vendors, Beta Supplies, is hacked. The attackers gain access to Beta Supplies’ email system and send out fraudulent emails to Beta’s clients, including Alpha Industries. 

Example 1: Falling Victim to the Attack 

Meet Jane, a bookkeeper at Alpha Industries. One afternoon, she receives an email from Beta Supplies. The email looks legitimate, coming from a familiar and trusted email address. It informs her of an updated bank account number for a bill Alpha Industries was expecting to pay. Without hesitation, Jane updates the bank details in the system and processes the payment. 

A week later, Beta Supplies calls to inquire about the payment, which they haven't received. Shocked, Jane realizes she transferred the funds to a fraudulent account. The hackers had used Beta Supplies’ compromised email to trick her. The financial loss is significant, and the trust in their vendor relationship is severely damaged. 

Example 2: Detecting and Preventing the Attack 

Now, let’s consider a different scenario with Kimmi, another bookkeeper at Alpha Industries. Kimmi receives the same email from Beta Supplies about the updated bank account. However, thanks to the security awareness training she received through Movaci, Kimmi is cautious. 

She recalls that phishing attacks often come from familiar email addresses and decides to verify the request. Kimmi contacts Beta Supplies directly using a phone number she has used before, bypassing the contact information in the email. During the call, Beta Supplies confirms they haven’t changed their bank account details. Realizing the email is fraudulent, Kimmi reports it to Alpha Industries' IT department. 

The IT team investigates, identifies the phishing attempt, and alerts other employees to be cautious. Kimmi’s vigilance and adherence to her training prevented a significant financial loss and protected the company’s reputation. 

The Importance of Security Awareness Training 

The contrasting outcomes of Jane’s and Kimmi’s experiences underline a crucial point: security awareness training is indispensable. 

Movaci’s security awareness training equips employees with the knowledge and skills to recognize and respond to threats. Through regular training sessions, simulated phishing attacks, and continuous education, we help businesses like Alpha Industries build a human firewall. 

Our training programs cover: 

• Identifying phishing emails and other social engineering tactics. 

• Best practices for verifying unusual requests. 

• Proper channels for reporting suspicious activities. 

• Regular updates on emerging threats and attack vectors. 

Investing in security awareness training not only enhances your company's security and ability to avoid significant financial losses, but also fosters a security-conscious culture. At Movaci, we are committed to empowering your employees to become your first line of defense against cyber threats. 

Protect your business from supply chain attacks and other cyber threats by ensuring your team is well-trained and vigilant. Contact Movaci today to learn more about our comprehensive security awareness training programs and how we can help safeguard your organization. 

For more information on our services, visit www.movaci.com or contact us at sales@movaci.com.  

Stay safe, stay secure.