However, the customer noticed some spelling and grammar discrepancies in the response and finally called the vendor to confirm. Once alerted to the email compromise, the VP immediately changed the password to secure the email account. This is certainly a “Best Practice” when responding to a phishing incident.
But having spent time listening to Gary and Heather talk so much about Business Email Compromise, Robin knew to advise her friend to check one more thing…forwarding rules in the email client.
“If the message includes specific words in the subject or body ‘wire instructions’ or ‘wire transfer’ or ‘funds transfer’ or ‘payment’ or ‘invoice’; forward the message to blessingalways823 at gmail.com.”