We are also aware of the potential EFT fraud and only send them in special circumstances (advance deposits or non-US vendors) after their information has been verified. Another form of fraud is a supposed email from an existing client changing their banking information. Any changes we receive, either by email or mail, are verified by phone. We pay almost exclusively by check to try and prevent any of this.
------------------------------
Frank Sica AIA
Senior Vice President
Cannon Design
Buffalo NY
------------------------------
Original Message:
Sent: 06-04-2021 01:59 PM
From: Ronald Battaglia
Subject: "Man in the Middle" Cyber attacks
Recently we learned of "man in the middle" cyber attacks. Email addresses of clients and firm staff are overtaken by a "man in the middle" scheme posing as you and your client. According to Microsoft some nefarious entities monitor email messages related to accounts payable and posts emails that appear to be from each party but are not. This middle man convinces the client that your firm no longer accepts payment by check given potential mail delays/fraud and provides an electronic funds transfer account number. The unsuspecting client transfers the funds to the middle man and the payment evaporates.
To prevent this cyber attack we are advising every client via USPS that we do not accept payment by electronic fund transfers and to contact us immediately by phone should they receive any correspondence that requires ETF payments. In addition Microsoft has required that users of Office 365 engage dual authentication for all Microsoft programs on all platforms.
Ronald Battaglia, FAIA
Sent from Mail for Windows 10