16 Jun 2016

Wiping out email fraud

This article is written by Tim Bentley from TheAustralian.com.au :

Cybersecurity is at the front of every businesses’ mind at the moment. It’s hard to go a week without seeing some form of cyberattack and the Australian Government knows this all too well, with the recent announcement of the $230 million Cyber Security Strategy designed to secure the country against such future threats.

Just last month, Proofpoint met with a local medium-sized business that wired a few hundred thousand dollars to an offshore bank because the attackers impersonated its CFO. This is not an unusual occurrence nor does it only affect SMBs who may not have a Head of IT position. Only earlier this year, a high-ranking financial employee from Mattel — the makers of Barbie — wired $3.9 million to Chinese scammers after they received an email with instruction from its newly-stated CEO.

We classify this type of attack as Business Email Compromise (BEC). It’s a growing trend locally and internationally as attackers purport to be someone high up in an organisation — the CEO, CFO or company lawyer — and request money transfers, or sensitive information such as private financials, passwords, HR information and private employee details.

Perhaps an even more daunting thought is that hackers are now heavily researching social media accounts of business leaders and using their airport check-ins and family holiday Instagram pictures to customise their emails and make their approaches more personalised. It’s costing Aussie businesses a lot of money and is a massive annoyance for C-level executives as we’ve been told that some of them are receiving as many as four or five BEC attempts a week.

Recently we ran a BEC webinar that was attended by nearly 200 Australian CIO/CTO/CSO and IT Directors/Managers — we found that more than 60 per cent of attendees said they will be investing in improved email security this year to stop this attack vector. This comes as no surprise, as 90 per cent of them reported they’ve seen at least one attempt in their organisation so far this year and 46 per cent have actually seen more than 10 attempts.

With this in mind here are four signs Australian employees need to look out for to mitigate the BEC risk:

1. High-level executives asking for unusual information or initiating a wire transfer: It can be very tempting to respond obligingly to an email from the C-suite — but it’s definitely worth pausing to consider whether the email is out of the ordinary or if the email request makes sense before acting. It can’t hurt to be suspicious — asking for clarification, forwarding an email to IT, or checking with a colleague is better than wiring a huge sum of money to a fake company overseas;

2. Requests to not communicate with others: Impostor emails often ask the recipient to keep a request confidential or communicate with the sender only through email. However, legitimate requests with that level of sensitivity are usually not “email only” and you should always pick up a phone or drop into the appropriate person’s office prior to seeing to their request;

3. Language issues and unusual date formats: The presence of non-local date formats or sentence construction, grammar and spelling that suggests an email was written by a non-local speaker should also be considered a red flag. You can also look out for unusual tones or digital mannerisms and courtesies. For example, one person who came through Proofpoint noted he knew right away it was a phony request because his ‘Chairman never says thank you on email;’

4. “Reply To” addresses that do not match sender addresses: Impostor emails often appear to come from a someone the recipient knows when in fact they’re from a cyber-criminal. Hackers may also use lookalike domains to fool recipients at a glance. For example, yourcompanyc.om (ccTLD for the country of Oman) instead of yourcompany.com. Always check the Reply-to field and ask, is it a legitimate internal address, an address outside the company, or something that looks unusual?

Thanks to Tim Bentley, for sharing this article at here

Tags: email fraud email fraud