
Tuesday, 23 May 2017

Three words to set alarm bells off for every firm

The email from the boss looked kosher. He said a new supplier needed paying urgently - £50,000 to secure an important contract.
He wanted it done as soon as possible because he was on holiday and didn't want to worry anymore about work.
This rang true to the finance director because his boss had already posted a photo of his Greek island getaway on Instagram. His email address looked genuine too.
But, of course, it wasn't the boss.
It was a fraudster who'd done his research and was skilled at psychological manipulation.
The small manufacturing firm - that wishes to remain anonymous - ended up losing £150,000 to the fraudster in the mistaken belief that he was a legitimate supplier.
When the boss found out the bad news, he fired the finance director.
This is an all-too-common story, involving business email compromise (BEC) or CEO fraud, as it's known to law enforcement.
Three words to look out for in email subject headers that should set alarm bells ringing are "urgent", "payment" and "request".
It is a relatively low-tech fraud but phenomenally successful - around 22,000 firms and organisations around the world have lost more than $3bn (£2.4bn) to it over the last three years, the FBI says.
In March, the US Department of Justice arrested a 48-year-old Lithuanian man, Evaldas Rimasauskas, for allegedly stealing more than $100m (£80m) from two internet companies in an email fraud between 2013 and 2015.
"Email fraud is the number one attack for our clients," says Edward Cowen, chief executive of Remora, a cybersecurity consultancy.
"We're talking £100,000 losses typically, but we've had losses in the millions. One guy nearly got away with 7m euros (£6m)."

'Weakest link'

Cybersecurity firm Proofpoint reports that its 5,000 clients saw a 45% rise in BEC fraud in the last three months of 2016.
Two-thirds of these attacks used the simple trick of spoofing the email address to make it look like the message came from someone senior within the organisation.
But often, if you reply to such emails, the "To" address will show a completely different domain name, or a company name that looks very similar but has an extra letter added or two letters flipped around.
As our brains are very good at making sense out of words with jumbled up letters, we often don't notice these "mistakes".
"People are still the weakest link when it comes to cybersecurity," says Rob Holmes, Proofpoint's vice-president of products.
"It's a remarkably unsophisticated type of fraud from a tech perspective, but the bad guys do extensive research into the top executives to make their emails look as plausible as possible."


The usual tactic with BEC fraud is for the fraudster to pose as an authoritarian boss barking orders to subordinates in the accounts department.
"More junior people are more likely to do what they're told without question," says Mr Holmes.
"So if your boss is quite authoritarian you are more prone to this type of attack."
Another tactic is to establish a rapport with another member of staff who assumes the emails are coming from a senior executive.
Once the fraudster has lulled the target into a false sense of security, he asks for payroll data or other useful information.
It's easy to spoof the "From" field of an email and to edit the sender's display name. So instead of seeing the email address in full, recipients just see the person's name.
Source By BBC.COM
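The warning signs described above (the three subject words, a reply address on a different domain, and a domain with one extra letter or two letters flipped) can be checked mechanically. The following is an added example, not part of the original article; the function names, the `own_domain` parameter and the `.test` domains in the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ALARM_WORDS = ("urgent", "payment", "request")  # subject words the article names

def osa_distance(a, b):
    """Edit distance where an insert, delete, substitute or adjacent swap costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # two letters flipped
    return d[-1][-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw_message, own_domain):
    """Return the warning signs from the article found in one raw message."""
    msg = message_from_string(raw_message)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    hits = [w for w in ALARM_WORDS if w in (msg["Subject"] or "").lower()]
    if hits:
        flags.append("subject:" + ",".join(hits))
    if reply_dom and reply_dom != from_dom:  # replies go somewhere else
        flags.append("reply-to-mismatch:" + reply_dom)
    for dom in sorted({from_dom, reply_dom} - {"", own_domain}):
        if osa_distance(dom, own_domain) == 1:  # one extra letter or a swap
            flags.append("lookalike:" + dom)
    return flags

# Constructed sample: "exmaple" has two letters flipped versus "example".
SAMPLE = """\
From: "The Boss" <boss@exmaple-mfg.test>
Reply-To: boss@freemail.test
Subject: Urgent payment request

Please pay the new supplier today.
"""

if __name__ == "__main__":
    print(bec_flags(SAMPLE, "example-mfg.test"))
```

A message that trips any of these flags is a candidate for out-of-band confirmation before money moves, not proof of fraud on its own.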


