Bank Loses €70 Million to Classic CEO Fraud Social Engineering Trick

By ISBuzz Team, Writer, Information Security Buzz | Jan 31, 2016 10:00 pm PST

In light of the breaking news that Belgian bank Crelan, Crédit Agricole’s Belgian subsidiary, has announced it was the victim of a fraud campaign and lost €70m in the process, Troy Gill, Manager of Security Research at AppRiver, has the following comments on it.

Troy Gill, Manager of Security Research at AppRiver:

“The use of social engineering spear phishing attacks to defraud companies via wire transfer emails also picked up recently. The targeted users represented many verticals, from large enterprises to small nonprofits. Typically in these fraudulent emails, the victim, who is normally a high level member of the finance department, receives a spoofed message from a hacker posing as the CFO, or even CEO of a partner company, requesting a money transfer be placed for a vendor payment or company acquisition. Of course, instead of this money being applied to the vendor or merger in question, it instead is applied to a remote account the hacker controls.

“These messages can be innocuous at first, with the hacker (disguised as an executive or internal employee) asking the victims if they are at their desks. To pull this off, the hacker sends the emails using a display address of the company’s domain, but uses a reply-to address of an external domain, often a free email service. Using this method, the victims can often end up conversing with the hacker via email without realizing they are being duped.

“This method is used to steal thousands of dollars from companies in fraudulent transfers. While that is quite a bitter pill to swallow, many attempts are for much higher amounts and can lead to financial ruin for some companies.

“A network hardware company called Ubiquiti was victim to one of these schemes in mid-2015, except instead of wiring tens of thousands of dollars, they were defrauded of $40M. They were able to recover a few million, but it is likely that the majority of the cash will never be back in their hands. Many companies spend much time and money on protecting their network traffic or public facing servers from hacks, which is extremely important. But these social engineering spear phishing attempts are why it is equally paramount to protect employee communications as well.

“Companies should also ensure that their spam filter incorporates some next generation spear phishing protection. Once they are aware of it, a finance department could deploy some basic protections against this type of attack, such as a two-factor authentication policy.”
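The header trick Gill describes (a From: address on the company’s own domain paired with a Reply-To: on an external, often free-mail, domain) is easy to check for mechanically. The script below is an added example, not code from the article or from AppRiver: it parses raw RFC 5322 messages with Python’s standard `email` package, flags a From/Reply-To domain mismatch, a Reply-To on a free-mail provider, and the “are you at your desk” / wire-transfer phrasing the article mentions. The domain `example-corp.com`, the free-mail list, the lure phrases and both sample messages are constructed for this example.

```python
"""Flag wire-transfer lures whose From: domain differs from Reply-To:.

Added example, not from the article or AppRiver. It checks the header
pattern described in the quote over two constructed sample messages.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Free-mail providers commonly used for the external Reply-To drop.
# Assumed list for this example; extend it for your own environment.
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "aol.com"}

# Phrases matching the opening probe and the later transfer request
# the article describes; constructed for this example.
LURE_PHRASES = ("are you at your desk", "wire transfer", "vendor payment", "acquisition")

# Constructed sample: internal-looking From:, free-mail Reply-To:, lure text.
SPOOFED = b"""From: "Jane Doe, CEO" <jane.doe@example-corp.com>
Reply-To: <jane.doe.ceo@gmail.com>
To: cfo@example-corp.com
Subject: Quick question
Content-Type: text/plain; charset=utf-8

Are you at your desk? I need a wire transfer processed today for a vendor payment.
"""

# Constructed sample: ordinary internal mail, no Reply-To header.
LEGIT = b"""From: "Jane Doe" <jane.doe@example-corp.com>
To: cfo@example-corp.com
Subject: Board deck
Content-Type: text/plain; charset=utf-8

Attached is the deck for Thursday.
"""


def _domain(header_value: str) -> str:
    """Return the lowercase domain of an address header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def assess(raw: bytes, internal_domain: str) -> dict:
    """Examine one raw message; return its subject, findings and a verdict."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom = _domain(str(msg.get("From", "")))
    # With no Reply-To header, replies go back to the From address.
    reply_dom = _domain(str(msg.get("Reply-To", ""))) or from_dom
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()

    findings = []
    if reply_dom != from_dom:
        findings.append(f"reply-to mismatch: From={from_dom} Reply-To={reply_dom}")
    if from_dom == internal_domain and reply_dom != internal_domain:
        findings.append("internal display domain with external reply path")
    if reply_dom in FREE_MAIL_DOMAINS:
        findings.append(f"reply-to on free-mail provider: {reply_dom}")
    hits = [p for p in LURE_PHRASES if p in text]
    if hits:
        findings.append("lure phrases: " + ", ".join(hits))

    return {
        "subject": str(msg.get("Subject", "")),
        "findings": findings,
        # Verdict keys on the reply path, not on wording alone, so a genuine
        # internal mail that mentions a wire transfer is not flagged.
        "suspicious": any(f.startswith("reply-to") for f in findings),
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        result = assess(raw, "example-corp.com")
        print(label, result["suspicious"], result["findings"])
```

The verdict deliberately rests on the reply path rather than on the lure wording: the phrase list is only corroboration, so an ordinary internal message that happens to mention a vendor payment is reported but not flagged. In a mail gateway the same check would typically feed a quarantine or a warning banner on the message, alongside the out-of-band approval step the quote recommends for transfers.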

About AppRiver

AppRiver’s corporate headquarters is located in Gulf Breeze, Florida, USA, and our Europe, Middle East and Africa (EMEA) headquarters is in Lupfig, Canton Aargau, Switzerland. The Company also has a regional sales office in Northport, New York, USA and we maintain multiple, secure world-class data centers throughout the United States, Europe, and Asia. Our growing 170-member team protects more than 45,000 corporate customers and eight million mailboxes around the world.