Episode 102: Uncovering the Business Email Compromise with Tom Arnold


February 4th, 2020

28 mins 22 secs

Season 1


About this Episode

Tom Arnold, cofounder of Payment & Security Experts, explains the evolution of payment technology and the potential security risks of having an unprotected network. He dives into recent security trends specific to higher education institutions and methods to avoid being a victim of cyber fraud. He specifically highlights email phishing threats to universities and precautions campuses can take to avoid being hacked.

From the early days of the internet, Arnold and his team have been fighting internet fraud. As the internet has advanced, so has cyber fraud. From fake memorabilia auctions to identity theft, Arnold has seen it all. Security measures to combat these threats have also evolved. In recent years, the implementation of EMV chips on credit cards has greatly reduced identity theft. On the flip side, they have increased fraud in electronic commerce and at automated teller machines. Arnold recognizes that there will never be an end to all fraud, but by taking the correct precautions, large organizations and institutions can lower their risk of becoming an online victim.

Higher education institutions and universities have become a very large target for cyber fraud in the electronic commerce realm in the last few years. A common trend is for criminals to reach out to third-party content providers that then inject content into a consumer's browser to capture private information. Another common trend in online fraud is business email compromise. Many times, email servers are overlooked and end up under-protected, which creates the opportunity for a cyber-criminal to fake an email from an institution or university, known as a phishing email. This can result in funds and personal information being stolen from consumers. A simple username and password are not enough to keep email servers secure.

To prevent security breaches, Arnold recommends using multifactor authentication to authenticate users logging into their online accounts, for example by sending a code to the user's cell phone. When users log in on a device outside of the secure network, it is important that they are notified of the login, such as by email, text or notification. Institutions and universities should encourage their users to call in to validate suspicious emails before providing personal information online. Lastly, having a dual-control system in place at the department level to validate any change to financial information will help prevent cyber fraud. To detect potential fraud, Arnold suggests that any transaction over $10,000 should be personally followed up and confirmed by the Accounts Payable Department. If fraud is detected, contact law enforcement immediately.

Regardless of the cyber security threats that exist, Arnold still feels confident using online payment methods. With a few simple precautions, consumers and organizations can avoid many of the risks that are out there.