The New Face of Corporate Fraud

The Shift from Email to "Vishing"

Traditional Business Email Compromise (BEC) is becoming harder to execute as email filters improve. Vishing (voice phishing) bypasses these technical safeguards by exploiting human psychology.

• The Trust Factor: We are trained to spot fake URLs, but we haven't been trained to question the voices of people we know.
• Emotional Manipulation: Scammers use AI to replicate urgency, fatigue, or anger. This emotional pressure disrupts logical thinking, making victims act faster than they should.

1. Establish Verification Protocols

Adopt a "Zero Trust" policy for all voice-based requests involving money or sensitive data.

• The Call-Back Rule: If a request comes in via phone, hang up and call the individual back on a known internal number or confirm the request via a secondary encrypted channel like Teams or Slack.
• Safe Words: Some firms now use internal "challenge-response" phrases or safe words known only to authorised personnel.

2. Evolve Security Training

Outdated training focuses solely on passwords and links. Modern programmes must address synthetic threats. Employees need to know that caller ID can be spoofed and a familiar voice is no longer a guarantee of identity. This training is essential for finance, HR, and executive assistants.

3. Slow Down

Scammers rely on panic and speed. Introducing deliberate pauses and multi-stage approval processes for transactions disrupts their workflow and gives your team time to think.