
Matt: You call my Netflix shows trash?
Attila: Yes.
You're listening to the Cyber Secured Podcast, helping you become safer in every way.
Now, your hosts, Matt and Attila.
Attila: Welcome to the Cyber Secured Podcast.
Attila: I'm your host Attila.
Matt: And I'm Matt.
Attila: All right.
Attila: Thanks for joining us.
Attila: We're going to be talking today about business email compromise, otherwise known as BEC.
Attila: Wow, that is it.
Matt: I think we've talked about this before.
Attila: We've talked about it, but not really dedicated enough real effort into it, because it's a big problem.
Matt: Yeah, I was just going to say, even if we talked about it before, and we're talking about it now, we're probably going to talk about it again.
Attila: I think we've lost some people, though, when we said BEC, they were like, oh boy, is that like a Korean K-pop band?
Matt: Yeah, no.
Attila: No, it's not.
Matt: Sadly, I wish it was.
Attila: It could still be.
Matt: It could still be.
Attila: It could still be.
Matt: Yeah, it's close enough.
Attila: So, business email compromise is something we come across all the time.
Attila: And it's probably one of those things where we come across it so often, we don't even think about it.
Matt: I think it's happening more often than even we know.
Matt: I mean, people get embarrassed by what happens there, and they don't report it.
Attila: They report it when they lose money, and that's when they call us.
Attila: So the business email compromise simply means this.
Attila: Somebody, somewhere, gets into an email box of someone at a company, and fools either a vendor or the accountant, or someone there, into wiring money out of the company.
Attila: That's the gist of it.
Matt: And then there's tons of variations of how this works.
Matt: We've seen all different kinds, and it really kind of goes across the spectrum of different kinds of businesses, because you can have your regular mom and pop.
Matt: You can have large enterprise companies.
Matt: There's been business email compromise situations where millions of dollars have gone to illegitimate vendors because they've gotten involved somehow with the accountants at a large enterprise.
Matt: It happens to content creators.
Matt: There's all kinds of videos of content creators that have gotten scammed, or they've gotten actual things installed on their machines because of business email compromise, because that can lead to that as well.
Matt: But there is a fine line between just a simple business email compromise and an actual hack.
Attila: The metric we can look at, though, is how much money is being stolen.
Attila: Because it gets reported to the FBI, the FBI gets involved, and they add it to their little tally.
Attila: So how much money are we talking about here?
Matt: Well, according to Statistics Online, and I think this is fairly conservative, we're looking at upwards of almost $3 billion per year globally.
Attila: $3 billion?
Matt: Yeah.
Matt: Apparently since 2013, since it started becoming a thing, it looks like around $50 billion or more has been lost by businesses worldwide.
Attila: So by that metric, that's probably one of our top exports out of this country.
Attila: Yeah.
Attila: Is money getting stolen?
Matt: There's more money that gets lost to business email compromise than ransomware, which is crazy because yes, technology is involved, it's email, but what's actually being hacked is not a computer, it's people.
Matt: It's the oldest game in the book, it's con artistry, but elevated to email.
Attila: And everyone uses email now, so it's a familiar platform, right?
Matt: There's trust.
Attila: A lot of trust, and a lot of time, so the cases that we come across, it's a legitimately hacked email box.
Attila: So you assume that the email you're receiving is from the actual person when in reality it's not.
Attila: So maybe we should walk through some of these scenarios that we've come across, because I've done different interviews about how residential buildings, this happens to them for like their subcontractors.
Attila: So like, let's say a roofing contractor, in this case is a roofing contractor.
Attila: Roofing contractor comes on site, fixes the roof, they demand payments at some point.
Attila: Of course, the roof has been done.
Matt: Well, payments are usually done monthly.
Attila: Yeah, it's done monthly, they go to the check run, a month goes by and then the roofing contractor shows up and says, hey, do you want to pay me?
Attila: And they say, well, we've paid you already.
Attila: But really, they paid the bad guy, and after a month, forget it, that money's long gone.
Attila: And that's $600,000, $200,000.
Attila: This one association building here lost over $400,000.
Matt: That's insane.
Matt: Yeah, and it happens on a number of different levels, as we mentioned.
Matt: The simplest one is the bad guys will get into someone's account on either end.
Matt: There's ways to trick people, depending on which side that you're on.
Matt: And then they start pretending to be a vendor that is owed money.
Matt: That's usually the simplest form of payment that they try and obtain.
Matt: And if they have access to the source, to the payee, the accountant, they'll do some kind of filtering so that all the emails to and from the actual person are hidden.
Matt: It goes into an RSS feed in the inbox.
Matt: It's something that still exists in Outlook.
Matt: It will go to a place where someone wouldn't think to look.
Matt: It's marked as read.
Matt: And then the bad guy will have access to that so they can actually see the real emails that are going back and forth.
Matt: And to add insult to injury to this whole thing, in the past, sometimes the bad guys will get caught because of poor grammar and kind of weird wording, strange endings, sincerely yours kind of stuff.
Matt: But now because of AI, they're able to emulate and copy language styles and formatting and all that stuff.
Matt: So I think it's gotten even worse now.
Attila: Let's walk through the step-by-step anatomy of how this works, because I think then we can really talk about what in each stage could have been done to keep this from happening to you.
Attila: Because that's our goal here, right?
Attila: We want to illuminate this big problem.
Attila: Because like you said, $3 billion a year, in the past 10 years, $55 billion out of this country.
Attila: What the heck is going on?
Matt: Well, let's say you're a company that has really good security.
Attila: Well, let's pick that one that we actually helped with.
Matt: I don't think they were hacked.
Matt: I don't think they actually had any kind of compromise.
Attila: And that's a really good point that you say about hacked.
Attila: So this is not necessarily being hacked, it's usually fraud.
Attila: You've been defrauded.
Attila: So in this case, in particular, let's pick one with the engineering firm.
Attila: So they're a fairly large engineering firm, located throughout the US and Guam, and a few other parts around the world.
Attila: So, you know, good size footprint.
Attila: They have security requirements because they're involved in federal contracts.
Matt: And lots of vendors that they're always paying money to.
Attila: Lots of vendors, that's really key.
Attila: And the owner, let's just call him Barry.
Attila: So the owner's name is Barry.
Attila: And Barry has an email account, and it's a Microsoft 365 account, and this was about a year ago, so they didn't require it.
Attila: He was annoyed when IT turned on two-factor authentication, where he would be required to type in a code or respond to a push notification on his phone.
Attila: He said, I'm the boss, I know better.
Matt: I've been doing this for 60 years, true.
Attila: Yes, and why use a password manager?
Attila: I mean, well, let's be honest, we all use password managers.
Attila: It's called the dark web, all of our passwords are there anyway.
Attila: But the, so he goes and uses the same password on his LinkedIn account, as he does on his email, as he does on probably the bank account.
Attila: Good chance he's got a post-it note, maybe.
Attila: Maybe he took extra steps and put it underneath his keyboard.
Matt: Which, it's always a great place for passwords.
Attila: And you laugh, but I saw this last week.
Matt: Oh no, I've seen it too.
Matt: I've seen it inside of people's literal notebooks sitting next to their computer, or in the notes app on their phone, or both.
Matt: And the notes app on your phone is not even that well protected, because you think people can't get into your phone, but if you're using the same password everywhere, you know.
Attila: Well, we just got a SOC alert an hour ago of someone with an Excel file, with clear text passwords on it.
Attila: Yeah, yeah, yeah, yeah.
Attila: So that literally, I see it all the time.
Matt: All the time, yeah.
Attila: And this one I saw last week, it was in a public place.
Attila: Like a lot of people were walking by, and this was a security desk.
Matt: Well, so going back on track, what happened to Barry?
Attila: So Barry reuses the same password, and someone in an unknown location, because the log retention wasn't there, we'll talk about that in a sec, decides that they're going to try a password that's been leaked from any number of sites.
Attila: Who knows which site?
Attila: If he's using the same password on all these different sites, gets leaked onto the dark web.
Attila: And this is where dark web monitoring actually comes in.
Attila: Because if he had had some sort of dark web monitoring service, which you can get from anywhere, right?
Attila: Like credit card companies even have it now.
Matt: Right.
Matt: They say, well, because they've been hacked so many times too.
Attila: Exactly.
Attila: And so, if he would have had some sort of dark web monitoring service, and had some better cyber hygiene, at least having a unique password on each one of those sites, or if not, at least turn on two factor.
Matt: But Barry knew better, because I'm the owner and I've been doing this forever.
Attila: And to be fair, I don't know how to build a building.
Attila: Everyone needs to stay in their lane.
Attila: We need people who are builders, we need people who are engineers, we need people who make our food.
Attila: Because I could tell you this, I'm not a great cook.
Attila: I don't build buildings very well.
Attila: But when it comes to cyber, I'm pretty good.
Attila: So let's stick with what we're good at.
Attila: And he's got that expertise.
Attila: So Barry's account gets compromised in that someone logs in and downloads all his email messages.
Attila: And they look through them.
Attila: And through those email messages, they notice that he likes to email one person in particular at his company a lot, and that's the CFO.
Attila: And the CFO often sends him invoices.
Attila: It says, hey, do you approve this very large purchase?
Attila: Right, yeah, yeah.
Attila: Right?
Attila: And so the cyber criminal is like, huh, okay, that's interesting.
Attila: What do these invoices look like?
Attila: Well, on the invoices themselves, it says, please remit payment to this following bank routing number.
Attila: They said, well, that's easy to change a few numbers.
Attila: So, they start looking through his emails, and obviously, I think you can do this with AI, but for years, they weren't doing it with AI.
Attila: Well, they kind of picked up, like, how does Barry like to talk to a CFO?
Attila: Is it conversational, is it formal?
Attila: And from the email threads that we saw, it looked like Barry was pretty bossy.
Attila: He was kind of gruff.
Attila: He was like, hey, you need to pay this vendor now.
Attila: That kind of thing.
Attila: And so, they downloaded that PDF, and they took that PDF and modified it a little bit, and then sent the accountant an email.
Attila: Now, meanwhile, Barry continues to do his day-to-day thing.
Attila: So, they were in there for weeks, if not months, picking through his emails, kind of figuring out what this is going to look like.
Attila: And then Barry notices that whenever he seems to send an email to a CFO, she doesn't seem to get it.
Attila: Isn't that weird?
Attila: He's like, oh, what's going on over here?
Attila: Calls in IT.
Attila: IT said, what are these email forwarding rules?
Attila: So, remember, we kind of touched on that with the RSS.
Attila: Really Simple Syndication is something that's been around for, gosh, the 90s, maybe?
Attila: And mail forwarding rules means that anytime his CFO would email him, instead of it going into Barry's inbox, it would go be forwarded off somewhere else.
Attila: Now, that's another big clue there.
Attila: Now, whenever an email forwarding rule is created inside of a 365 account, you should be alerted or someone should be alerted.
Attila: Once again, that's where SIEM/SOC comes in.
Attila: So SIEM is Security Instance and Event Management, SOC is your Security Operations Center team.
Attila: In short, security guys watching your emails for rules being created.
Attila: Again, we got one of those, what, another hour ago?
Attila: Yeah.
Attila: Someone else created a mail forwarding rule.
Attila: And legitimately, I mean, it happens all the time.
Attila: I have mail forwarding rules.
Attila: We all use mail forwarding rules.
Attila: This is why it's hard to get, you got to find the signal through the noise.
Attila: And one of the reasons for anyone who's interested in cybersecurity or at least getting into this field, you got to know there's a lot of noise.
Attila: And you have to be very tolerant to that because 99 percent, maybe even higher, of all the trash that comes in is legitimate.
Attila: It's okay.
Attila: You have to use some discernment and AI and tools and communications.
Matt: You call my Netflix shows trash?
Attila: Yes.
Matt: Well, my YouTube subscriptions.
Attila: It could be anything.
Attila: And so, you have to be very, very tolerant to having a lot of notifications coming in.
Attila: And that is called alert fatigue in our industry.
Attila: But that one alert, that one real one, that one could make all the difference.
Attila: So, you do have to treat them a little bit.
Attila: You have to be resilient to alert fatigue.
Matt: And it's like being able to also identify when the alert looks a little weird.
Matt: When you see an email pop up with a mail forwarding rule, and this account has never had an email forwarding rule, or you know maybe the person at the other end of that email, and it's the manager of the car wash.
Matt: Why is the manager of the car wash making email forwarding rules?
Matt: Like, it doesn't make a lot of sense.
Matt: They just work at the car wash.
Matt: So it's kind of picking up on little nuance to things like that, and just experience teaches you those things.
Attila: There's mail forwarding, there's mail sorting.
Attila: A lot of folks use mail rules to assign a folder underneath the inbox to drop things.
Attila: But when you start forwarding to a third party, like outside of the organization, big red flag.
Matt: So what happened with this forwarding rule to or from the accountant with Barry?
Attila: Well, with the accountant, what was happening is unbeknownst to Barry, Barry was talking with the CFO, sending over this invoice and saying, hey, I need you to pay this invoice for this vendor right away.
Attila: And she said, are you sure that this is what you want to do?
Attila: And he would say, yes.
Attila: It was very clear in the text thread, yes, do this now.
Attila: It was very demanding.
Matt: But it sounds like that was kind of how he was too.
Attila: That's how he was, and the bad guys picked up on this.
Attila: And long story short, they kind of go back and forth over the course of maybe two days, where she says, are you sure you want to do this?
Attila: OK, he says, yes, and be sure to use the new routing number.
Attila: The routing number is here at the bottom.
Attila: And I believe, if I'm not mistaken, I think Barry was actually on vacation during this time.
Matt: Oh, even better.
Attila: Yeah, even better.
Attila: So somehow they got into his calendar.
Matt: So you can't even reach him if you need to actually talk to him directly, or it'd be really difficult, or he might be even more upset.
Attila: More annoyed, right?
Attila: Yeah.
Attila: And so that's the other thing.
Attila: I mean, imagine, not only do you have everything in 365 that's your email, you also have your contacts, right?
Attila: You got your calendars and SharePoint.
Attila: Yeah.
Attila: SharePoint is huge.
Attila: And everything that SharePoint has access to.
Attila: Now SharePoint, for those of you not using it, it's very good, but it is a giant filing cabinet.
Matt: It's a filing cabinet.
Matt: And it also can be a backdoor.
Matt: I have noticed that there's these compromises that happen, and they get into people's accounts, but they don't tend to leave backdoors as much.
Matt: But I think it's because we have so many on-prem tools that would detect a lot of the stuff.
Matt: So they leave it more to hacking or scamming individuals.
Attila: Social engineering.
Matt: Yeah, I love our bank for the buck.
Attila: Our operating system hasn't changed in what?
Attila: Tens, thousands, hundreds of thousands of years.
Matt: We've got vulnerabilities that are 10,000 years old.
Attila: Well, we still like bananas.
Attila: There's a clue right there.
Matt: Zero days that have been unpatched since the dawn of time.
Attila: So the money disappears, $150,000.
Attila: And somehow, the IT guy, he got an itch, and he had to scratch it.
Attila: He didn't like this mail forwarding rule that he found.
Attila: And in addition to this mail forwarding rule, he starts digging in there and finds that there's also deletion rules.
Attila: So that after the email was forwarded, it would delete it.
Matt: Yeah, that's a red flag.
Attila: Red flag.
Attila: And so he talks to the CFO, and she says, well, yeah, you know, I'm just doing my job.
Attila: He's very demanding.
Attila: He wanted me to wire this money out to pay this vendor.
Matt: Yikes.
Attila: So the IT guy quickly swings in action, works with the CFO, calls the bank, and they're able to stop part of the transfer.
Attila: So the way it works with these money mule accounts is that the victim transfers the money to one account, and then that one account transfers it to another, and that chain goes on for like 12 to 15 accounts before finally ending up in some foreign country funding.
Matt: Sometimes they even extract it as cash, so then they can kind of have a break in the chain.
Matt: Oh, interesting.
Matt: It's been more of a common thing now where the bad guys will look for people here in the states that they want to do some kind of thing where they make $1,000, and all they have to do is take out money from an account and then go to another bank and deposit the money, and they're not told what it's for or who they're doing it for.
Matt: So they don't even know that they're doing something illegitimate.
Matt: It sounds kind of sketchy, but $1,000 is pretty good for just walking money to another location.
Attila: Well, when I was talking with one of our FBI contacts, he was telling me about how they had gone to arrest one of these money mules.
Attila: And it was like an older lady in the Midwest.
Attila: And she said, no, I am working for a legitimate company doing work from home.
Attila: I'm being paid a regular paycheck, and they just asked me to do this one thing, which didn't seem that unusual for the company.
Attila: And lo and behold, she's a money mule.
Attila: Totally unknown.
Matt: Some of them know about it, but a lot of them don't.
Attila: Well, that maybe has a bit of a tangent.
Attila: I mean, Scattered Spider has been growing for that reason.
Attila: So, Scattered Spider is that hacker group that was responsible for the Colonial Pipeline attack, the one that took down the East Coast.
Matt: Wasn't that a bunch of teenagers?
Matt: I didn't really look into it, but I...
Attila: Yeah.
Attila: Yeah.
Attila: No, absolutely.
Attila: And they even took down, that was part of the MGM and Caesars, was also Scattered Spider.
Attila: And the idea is that a lot of these kids, I think the average age is from like 14 to 25 or something like that.
Attila: So it's pretty young.
Matt: Yeah.
Attila: And those kids are, they want to make a buck.
Attila: And they look out and they say, well, McDonald's will pay me this much, or I can go make $10,000.
Matt: They don't have a lot of money, they want some agency.
Matt: Plus, it's a bit of a high.
Matt: I'm not going to lie.
Matt: When I was going after scammers, and I was just doing a little bit of hacking, I was doing on their computers and trying to move laterally through a network.
Matt: It's a high.
Matt: When you execute something, and you hit go, and it works, and you're suddenly on another computer, oh my god, it's a rush.
Matt: So, to include money in that formula, wow.
Matt: I can only imagine.
Attila: Well, and imagine they also have really good resources.
Attila: So, Scattered Spider is also being funded by Russian.
Attila: So, they're giving them a lot of guidance, and the tools, and everything they need.
Attila: So, it's not just a lone wolf anymore.
Attila: It's really well funded.
Attila: And they're able to do really big things and make headlines.
Attila: So, I guess looping back to what we're talking about.
Matt: Yeah, it's easy to get off track with these stories.
Matt: But yeah, so the IT guy finds these email forwarding rules and then the deletion rule, and Mr. Barry is on vacation.
Attila: The money has been wired out.
Matt: The money has been wired out.
Matt: Did they get away with the money?
Attila: So, luckily, they got in touch with the bank right away.
Attila: And then the bank starts clawing back the funds because they have to, you know, it's a quick chain.
Attila: You know, that money goes into that account within hours sometimes.
Attila: It's already on to the next bank, and then next bank, and next bank.
Attila: And they have to go through that chain.
Attila: They try to claw it back.
Attila: And in this case, they did get most of it back, which was good.
Matt: Oh, nice, okay.
Attila: They didn't lose it all, but in most cases, you don't get it all back.
Matt: I know banks now have mechanisms in place for this kind of activity now, compared to even five years ago, they didn't.
Attila: Right.
Attila: And I think at this point, they only had like a 24-hour window to respond.
Attila: But in the...
Attila: Now, I think it's a little bit more.
Attila: It's either 48 or 72 hours.
Attila: So as long as you get to the bank during that period of time.
Matt: Yeah, you gotta do it quickly.
Attila: And I will give you one guess when they love to do this.
Attila: Friday afternoon.
Attila: Yeah.
Attila: Friday afternoon.
Attila: Because they know that that banking window is much shorter.
Matt: Yep.
Attila: Right.
Attila: And they know that most people aren't working on a Saturday.
Matt: Or when it's holidays.
Attila: Yeah.
Matt: Yeah.
Attila: They won't pick it up until Monday or Tuesday of the next week.
Attila: So like a Memorial Day weekend.
Attila: And I can't tell you how many times, like it's three o'clock on a Friday, and I'm nervous that our phone is going to ring again with some story, because that's when they like to hit.
Matt: Yep.
Matt: Yeah, it's crazy how simple, but elaborate some of the stuff is.
Matt: But these guys, they have a lot of time on their hands, and they're not making a lot of money.
Matt: You know, during my days when I was going after scammers, I had a computer that popped up on my monitoring thread, and I actually spotted a system I used to have remote access to, and the computer had gone to somebody that was just funneling emails.
Matt: That's all he was doing.
Matt: And the computer would come on once or twice a day, and I would watch him, and he would just have 50 to 100,000 emails in these Excel and CSV files, and he would package them up, and then he'd email them off to somebody.
Matt: That's all it was, and it was just to go after people's accounts.
Matt: And there's tools now.
Matt: I just saw this in the news recently on Bleeping Computer.
Matt: It's for pen testing purposes, for legitimate testing, where a company's paying you to, you know, see if you can get access to their accounts and whatnot.
Matt: But there are tools on GitHub that are pretty easy to stand up and use, that it's been discovered that they're being used by bad guys in the wild, and effectively being able to get into accounts with these tools.
Matt: It's really easy to do.
Matt: You just need some basic computer skills and a list of emails.
Matt: And the article was talking about how there's 800,000 365 accounts.
Matt: 800,000, almost a million, wow, email accounts that have been attacked using this tool.
Matt: So, I mean, if any of these accounts, and I'm sure there's more than a few, don't have multi-factor authentication and are using the same passwords that people are using on their LinkedIn accounts, or their Facebook accounts, or Twitter.
Attila: Well, this one is a token jacking one, right?
Attila: So even if you do it.
Matt: No, this one isn't token jacking.
Attila: Not token jacking.
Matt: No, this is just to try and...
Attila: Because brute force, yeah.
Matt: So, the thing I alluded to earlier about how your account doesn't necessarily need to be hacked, your company could have really good security, but you could still fall victim to the scam, goes to a lot of construction companies, architecture firms, whatnot.
Matt: They have vendors that don't necessarily fall under the same kind of guidelines and compliance rules, right?
Matt: That they need for running their business.
Matt: So, they might not have multi-factor authentication or complex passwords.
Matt: And what we've started seeing bad guys do is they'll get into those accounts and they'll look at the emails going back and forth, and they'll look at the companies that are paying them.
Matt: And instead of setting up a bunch of email rules and filtering all kinds of stuff that might trigger some kind of alerts or tell the company that there's something going on, they'll set up a domain that's really similar to the name of that company.
Matt: Maybe one letter off, especially if there's an L, and they'll make the domain with a one instead of an L, right?
Matt: Ideally, the company's name is really long too.
Matt: So, when you're seeing the email, you're not noticing that there's a misspelling in the domain and the email.
Matt: And then they'll hold on to that domain for 30 or 60 days.
Matt: So, it doesn't come up on any kind of alerts, because a lot of our tools will detect if a domain is newer.
Matt: Yeah, it's newer than 30 days or 60 days, and then marks it as possibly malicious.
Matt: And then what they'll do is they know that there's correspondence that goes back and forth with this contracting company or construction or architecture or whatever.
Matt: And they'll, you know, because they had access to the emails, they'll forge an email saying that, hey, you're behind on this payment, or you've got this payment coming up, can you send us the money to this new account, because we've changed our vendor, we've changed our bank, whatever, yeah.
Matt: And the accountant at the other end is like, oh, yeah, actually, I recognize this email, I recognize this person.
Matt: The language seems correct, the forms, the PDFs that they're sending seems correct, the invoicing seems correct.
Attila: Yeah, and in fact, they're even smarter.
Attila: Like this case out of California, we're working on, they had an electrical contractor, and the electrical contractor had a mechanic's lien on the property, and they demanded payment, or should I say, in quotes, demanded payment, the electrical contractor.
Attila: And of course, the general contractor said, well, look, you need to sign the lien release documentation.
Attila: And so the hackers filled it out on behalf of the general.
Attila: The general was telling me, he says, I can't get half my vendors to fill this out correctly.
Attila: The hackers are smarter than my guys.
Matt: And they do a better job.
Attila: Yeah.
Attila: So, it just keeps on going.
Attila: And, you know, what you pointed out was really interesting about the domain name just being one letter off.
Attila: We've seen, and it doesn't even have to be one letter off.
Attila: Like, for example, this one, it had to do with a case where someone had died.
Attila: They had an inheritance.
Attila: That inheritance was, you know, being communicated to the beneficiary through a Gmail account.
Attila: And somehow, the hacker said, well, how about I just set up that same, instead of using, you know, Jeanette at, Jeanette123 at gmail.com, Jeanette123 at outlook.com.
Attila: They just set up an outlook.com email.
Matt: Yeah, even simpler.
Attila: Yeah, they said, oh, this is my new email address.
Matt: Less tech skills needed there.
Attila: Yeah.
Yeah.
Attila: Wow.
Attila: Well, this has been an interesting topic.
Attila: I know we'll have more to talk about.
Matt: Yeah.
Matt: Main thing.
Attila: We're out of time.
Matt: Yeah, we're out of time, but just the main thing is pay attention to your emails going back and forth, especially if you are an account holder that, you know, you're responsible for money going in and out of a company.
Matt: And especially if you're regularly all the time, you know, sending money in and out, pay really close attention to that.
Matt: When in doubt, make a call.
Matt: Because right now, at least, it's really difficult to try and fake a phone number.
Matt: Like, if you have the phone number of a vendor you need to pay, and you're unsure about an email that's soliciting money from them, give them a call and then talk to them.
Matt: And at the very most, like, go and see them in person.
Attila: Yeah, some of our bigger clients, they're just, they're old school.
Attila: Two check signers, check's in the mail.
Attila: That's it.
Attila: So, hate to say it, but maybe there's something to be said about the old school.
Attila: Yeah.
Attila: All right, guys, I hope you enjoyed this podcast, and there's more to come.
Attila: I'm Attila.
Matt: I'm Matt, have a great week.
Attila: Stay safe out there.
This episode was brought to you by Cypac.
To learn more about keeping your business safe from threat, crime, and disaster, visit cypac.com.
