In light of the breaking news that the Belgian bank Crelan, Credit Agricole's Belgian subsidiary, has announced it was the victim of a fraud campaign and lost €70m in the process, Troy Gill, Manager of Security Research at AppRiver, has the following comments on it.
Troy Gill, Manager of Security Research at AppRiver:

"The use of social engineering spear phishing attacks to defraud companies via wire transfer emails also picked up recently. The targeted users represented many verticals, from large enterprises to small nonprofits. Typically in these fraudulent emails, the victim, who is normally a high-level member of the finance department, receives a spoofed message from a hacker posing as the CFO, or even the CEO of a partner company, requesting that a money transfer be placed for a vendor payment or company acquisition. Of course, instead of this money being applied to the vendor or merger in question, it is instead applied to a remote account the hacker controls.

"These messages can be innocuous at first, with the hacker (disguised as an executive or internal employee) asking the victims if they are at their desks. To pull this off, the hacker sends the emails using a display address of the company's domain, but uses a reply-to address of an external domain, often a free email service. Using this method, the victims can often end up conversing with the hacker via email without realizing they are being duped.

"This method is used to steal thousands of dollars from companies in fraudulent transfers. While that is quite a bitter pill to swallow, many attempts are for much higher amounts and can lead to financial ruin for some companies.

"A network hardware company called Ubiquiti fell victim to one of these schemes in mid-2015, except instead of wiring tens of thousands of dollars, they were defrauded of $40M. They were able to recover a few million, but it is likely that the majority of the cash will never be back in their hands. Many companies spend much time and money on protecting their network traffic or public-facing servers from hacks, which is extremely important. But these social engineering spear phishing attempts are why it is equally paramount to protect employee communications as well.

"Companies should also ensure that their spam filter incorporates some next generation spear phishing protection. Once they are aware of it, a finance department could deploy some basic protections against this type of attack, such as a two-factor authentication policy."
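The display-address / Reply-To trick described in the comment above is straightforward to screen for at the mail gateway or in a triage script. The following is an added example, not code from AppRiver or from the article: the company domain, the header values and the three sample messages are constructed for illustration. It also covers the related variant in which the company address appears only in the display name while the real sender address is external.

```python
"""Flag the 'internal From, external Reply-To' lure pattern in email headers.

Added example, not code from AppRiver or the original article. The sample
messages below are constructed, and the company domain is an assumption.
"""
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: the protected organisation's own mail domain (hypothetical).
COMPANY_DOMAIN = "example-corp.com"


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address; '' when there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyse(raw_message: str, company_domain: str = COMPANY_DOMAIN) -> dict:
    """Return a triage verdict for one RFC 5322 message.

    Two signals, each mapped to a human-readable reason:
      1. From: is on the company domain but Reply-To: routes answers elsewhere
         (the pattern in the quote: replies silently go to the attacker).
      2. From: is off-domain but its display name contains a company address,
         so the recipient sees a familiar address while the real sender is
         external (a common variant of the same display trick).
    """
    company = company_domain.lower()
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reply_doms = {
        _domain(addr)
        for _, addr in getaddresses(msg.get_all("Reply-To", []))
        if addr
    }
    reasons = []

    external_reply = sorted(reply_doms - {company})
    if from_dom == company and external_reply:
        reasons.append(
            f"reply-to-external: From is {from_addr} but replies go to "
            f"{', '.join(external_reply)}"
        )
    if from_dom != company and company in from_name.lower():
        reasons.append(
            f"display-name-spoof: display name '{from_name}' shows a "
            f"{company_domain} address but the sender is {from_addr}"
        )

    return {
        "from": from_addr,
        "reply_to_domains": sorted(reply_doms),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


# Constructed samples (not real traffic).
LURE = """\
From: "Jane Doe, CEO" <jane.doe@example-corp.com>
Reply-To: <jane.doe.ceo@freemail.example>
To: cfo@example-corp.com
Subject: Are you at your desk?

Are you at your desk? I need a wire processed today, will send details.
"""

DISPLAY_NAME_LURE = """\
From: "jane.doe@example-corp.com" <ceo.jane.doe@freemail.example>
To: cfo@example-corp.com
Subject: Quick question

Are you available?
"""

LEGIT = """\
From: "Jane Doe" <jane.doe@example-corp.com>
Reply-To: <finance-team@example-corp.com>
To: cfo@example-corp.com
Subject: Q3 numbers

Can you send me the Q3 figures before Friday?
"""

if __name__ == "__main__":
    for label, sample in [("lure", LURE), ("display-name lure", DISPLAY_NAME_LURE), ("legit", LEGIT)]:
        verdict = analyse(sample)
        print(label, "->", "SUSPICIOUS" if verdict["suspicious"] else "ok", verdict["reasons"])
```

Treat a hit as a triage signal rather than a block rule: ticketing systems and marketing platforms legitimately set an off-domain Reply-To, so route flagged mail to a review queue and pair the check with the process control that actually stops the fraud, namely out-of-band confirmation of any new or changed payment instruction.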
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.