Ransomware is not the most sophisticated form of attack, and our clients are asking: what is CEO phishing?
We want to raise awareness of the increase in sophisticated phishing e-mails designed to look as if they come from a legitimate source. As our clients keep asking us “What is CEO fraud?”, our answer is best given as a blog post so that everyone can benefit.
What is CEO Phishing Fraud?
CEO phishing fraud often occurs when a hacker infiltrates a company's e-mail system, gaining knowledge about the style of writing, personality type and any factual information that can increase credibility. Once the hackers feel they have enough information, they request money transfers, usually making the request sound like a legitimate business deal through phishing and social engineering.
We have known an e-mail system to be infiltrated months beforehand, with the attackers digging out old invoices that had been sent to the company's clients. They then recreate a legitimate-looking invoice, changing only the bank account that receives the funds. The wire transfer is often forwarded again to a foreign bank account, which makes it very difficult to trace and often leads to a loss.
Why are we talking about this?
Just recently we were called in to inspect the network of a new client who had unfortunately been the victim of a phishing scam. After analysis it turned out they had malware on their machines sending data back to a server located in China (identified by the IP address). When we looked into what had happened, an employee had received a document; when they tried to open it and nothing happened, instead of raising the alarm they carried on with their day.
We found a copy of the e-mail received and it was dated 16th July 2018, so the attackers had access for a ridiculous amount of time before the client lost enough money to raise the alarm. Why did it take so long? The hackers were clever: they were intercepting traffic on a daily basis to learn how the company dealt with its invoices, and whenever one of its clients owed money or was in the middle of a quote, the hackers sent invoices for reasonable amounts in our client's name but with different bank details.
The amounts were not enough to raise an alarm, and over a 9 month period they were able to extract £64,730 from our client's customers (prior to us being involved). This is a nightmare for any company to deal with: it can result in loss of trust, hefty debt to plug, and can even put a company out of business.
“In the age of cybercrime, the greater danger is not defense imperfection, but to protect first what not really matters.” (Stephane Nappo)
Educating your staff is the best defence
Although cyber criminals may be going after the CEO, it is important that all staff be educated: usually it is the lower-level staff who are fooled into believing they are communicating with the CEO. We need to give staff enough awareness to double-check with a quick phone call whenever they are asked to transfer funds.
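As an added illustration (not code from the original post), here are the two checks described above written out: flagging a message whose From: display name is an executive's but whose address is not, or whose domain is a lookalike of ours, and flagging an invoice whose bank details differ from the vendor record on file so that it is verified by phone before payment. The company domain, executive list, vendor bank details and sample inputs are all constructed for the example.

```python
# Added example (not from the original post): two simple controls against the
# invoice-substitution fraud described above. All names, domains, bank details
# and messages below are constructed for illustration.
COMPANY_DOMAIN = "example.co.uk"
# Executives that attackers like to impersonate, keyed by lowercase display name.
EXECUTIVES = {"jane smith": "jane.smith@example.co.uk"}
# Vendor master file: bank details agreed out of band, keyed by lowercase vendor name.
VENDOR_BANK = {"acme ltd": ("20-00-00", "12345678")}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(display_name: str, address: str) -> list:
    """Return reasons an incoming mail deserves a phone call before acting on it."""
    findings = []
    address = address.strip().lower()
    domain = address.rpartition("@")[2]
    name = display_name.strip().lower()
    # The CEO's name in the From: header but not the CEO's real mailbox.
    if name in EXECUTIVES and EXECUTIVES[name] != address:
        findings.append("executive display name from an unexpected address")
    # A domain one or two characters away from ours is a classic lookalike.
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        findings.append("lookalike sender domain")
    return findings

def check_invoice(vendor: str, sort_code: str, account: str) -> list:
    """Compare an invoice's bank details with the vendor record on file."""
    known = VENDOR_BANK.get(vendor.strip().lower())
    if known is None:
        return ["unknown vendor: confirm bank details by phone before paying"]
    if known != (sort_code, account):
        return ["bank details differ from vendor record: confirm by phone before paying"]
    return []

if __name__ == "__main__":
    print(check_sender("Jane Smith", "jane.smith@examp1e.co.uk"))
    print(check_invoice("Acme Ltd", "40-11-22", "99999999"))
```

Either finding is a reason to pick up the phone and confirm with the known contact, not a reason to reply to the e-mail.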
Other forms of defence
Keep your software regularly patched and make sure that you have adequate security, as hackers do not just attempt phishing attacks; they will also attempt to infect your systems with malware. Once infected, they can see details of your activity on your systems and access business-critical files, risking data leaks and giving them enough information either to cause serious damage to your business or to become experts at phishing your employees.
An antivirus or firewall will not be enough to defend against phishing attacks; we have to keep an eye on systems, run regular checks and keep providing security awareness to ALL employees.
Do you need help?