A costly email
One email and an apparent failure to check was all it took for the government of Puerto Rico to lose more than $2.6 million. AP quotes the island's Industrial Development Company as saying the money was transferred after receiving an email advising a bank account had been changed. This type of fraud (known as Business Email Compromise) is a huge business which the FBI says resulted in $3.5 billion of losses last year. If your organisation hasn't experienced this type of attack yet, it's just a matter of time before it does. It's essential to have a clear policy that governs payment requests and any changes involving financial information. This should require confirmation that the request is genuine - and that involves using a trusted communications channel that means you're sure you're talking to the right person.