MANAGING RISK: Tech Takeovers

The dealer brought in a tech security expert who helped Shepley set up the proper firewalls and proper data precautions. Additionally, all employees received training. Strict login regulations are enforced, including strong passwords.

But one of the challenges the dealer came across is the paper trail that can be left behind via check payments or other miscellaneous customer information that remains in paper form.

To help avoid problems, Shepley does not store social security or driver license information, according to Howell.

LBM Resources

More Than 300% ROI is Possible with Epicor for Building Supply

Learn how users drive value through elevated responsiveness, supply chain logistics, and cost management.

At r.k. Miles, the four-unit dealer based in Manchester, Vt., the IT team has witnessed a significant increase in the plausibility of fraudulent emails; a sign that the crooks keep getting better.

“We’ve been hit with malware, viruses, phishing—it’s getting pretty realistic,” says Lisa Wessner, IT manager at r.k. Miles. “We’ve seen perfect shots of a Pay- Pal screen or credit card company—and if I’m getting these emails that means 100 other people in the company could be receiving these emails.”

While r.k. Miles’ customers can access account info online, there is no exchange of funds as customers are actually interfacing with a server in California—not r.k. Miles’ server.

- Advertisement -

Threats Close to Home

The most consistent area of vulnerability Tracey Richardson sees is customer transactions and account takeovers. Richardson, vp of credit risk management at BlueTarp Financial, says fraudulent orders are typically placed online and not in person by someone who has gradually taken steps to take over someone else’s account.

Typically it’s someone affiliated with a business—perhaps a disgruntled employee— that is familiar with how their boss buys products. They know how to access the account and a particular dealer.

The gradual takeover is accomplished during a short period of time—adding themselves as a contact to the account, adding their phone number or changing the address of the business. “In a few steps they have taken over the identity of the business,” Richardson says.

- Advertisement -

Once credibility has been gained, buying goods that can be liquidated fast is usually the next step—work clothes, generators, compressors, high-end tools—all products that can be moved fast and delivered to a fake address.

In other instances, BlueTarp has witnessed criminals taking the name of a valid company and borrowing it.

Download the LBM Journal App

Stay up-to-date with industry news, articles, events and resources for LBM professionals. No registration or subscription required!

Download on the App Store
Get it on Google Play
LBM Journal App

What's New

Digital Partners

Become a digital partner ...

Sales Comp Study

Download this 55-page, in-depth study by LBM Journal of industry trends in sales force compensation and benefits. See how your organization stacks up.

Webinars

- Advertisement -

White Papers

View all ...

- Advertisement -

Partner Content

View all ...

- Advertisement -

Registration is now open for the LBM Strategies 2024 Conference