With July 4th in the rear-view mirror, we’re now in peak summer season, which means baseball season. (I happen to love baseball and equate it with long summer nights, hot dogs, sprinklers, and days off from school.)
If you’re not that familiar with baseball, there’s this thing called a triple play where the defense gets 3 outs on a single batted ball in play. Trust me, it’s a very rare and special event. We’ve put together our own triple play of three free mission critical cybersecurity webinars in July -- and for the Florida Bar member readers, these provide free full CLE credits! (Details below.)
Yes, summer is all about baseball, but it’s also unfortunately about cybercriminal lures targeting lawyers, insurance professionals, money managers, accounts receivable staff, and many others, which disrupt normal business money flows.
Here’s the latest cybercriminal scheme that has impacted folks we know. We’ll call it The QuickBooks Cash Crevasse.
How does it work? Despite all your multi-factor login and security settings, when cybercriminals are eavesdropping on your staff’s email inbox (in particular, your in-house or outsourced bookkeepers, accountants, tax preparers, accounts receivable staff, or others who may have access to setting up your merchant payment processor account), they can stealthily work through the process of email verification. They can update access to your merchant payment processor account (at QuickBooks Payments for example or your local bank or specialized payment processor).
Once in the account, they can change notifications to come ONLY to them. Then they will change the payment clearinghouse bank account (i.e., your bank) details swapping them for an offshore bank account owned by cybercriminals. This is happening and is costing many companies critical cash flows!
What happens next? Your clients pay you by ACH or credit card as normal (the payments are collected by your merchant processor), and your merchant processor sends funds to who they think is you in the normal manner. Three days after customers make payments, you are expecting the funds. However, the IMPOSTOR BANK ACCOUNT is now the payment receiver in the QuickBooks Payments system.
Funds are, thus, collected by QuickBooks Payments and sent to the cybercriminal, and you or your accounts receivable team will have no idea that this is happening until a week or so after the fact. For larger organizations, they may typically find out several weeks after.
The longer the fraudulent transfer is hidden, the less likely transferred funds are retrievable. The FBI reports that 72 hours after a payment is lured and sent internationally (especially to the parts of the world where these payments are going), it is nearly impossible to retrieve. It’s like the funds are sent by your payment processor, like QuickBooks Payments, into a vast cash crevasse. (Hence the nickname for this scheme: QuickBooks Cash Crevasse.)
Falling victim to cybercrime can be truly disastrous, and no corny sports metaphor here can sum up how serious a matter this can be. That’s why we think you and your staff should attend any (or better, all) of these sessions that are free and open to everyone.
AND remember, if you are a Florida lawyer, you’re in luck – you can attend and check off a slew of free Florida Bar CLE credits. Here’s the line-up:
More? Yes, if you are swinging for the fences and want the home run, here is a session to help you round the bases:
These sessions are brought to you by The Florida Bar’s Legal Fuel practice management center and RPost – and, again, are free and available to everyone being targeted by cybercriminal lures. And that’s everyone!
Florida Bar member lawyers receive 1 free general, technology, or ethics credit with the Florida Bar for EACH session. Feel free to contact us to learn more about these free Florida Bar full CLE credit webinars or RMail in general.
November 24, 2023
November 17, 2023
November 10, 2023
November 03, 2023
October 27, 2023