Expert Comments

Expert On Insta Star Used BEC Fraud Attack to Steal £100m from Football Club

Expert(s): Security Experts
Expert(s): Tim Bandos, Ed Macnair, Chris Ross

It was reported over the weekend that an Instagram star is facing criminal charges over an attempt to steal £100m from a premier league club, amongst others, using Business Email Compromise fraud email attacks.

Experts Comments

Tim Bandos
July 07, 2020
Vice President of Cybersecurity
Digital Guardian

Business Email Compromise continues to be a significant issue.
Business Email Compromise continues to be a significant issue. Companies will traditionally roll out security awareness training to their employees about not opening suspicious email attachments or clicking on links, but how many companies train their staff to refuse or question a direct command from senior staff? The art of “whaling” aims to compromise a senior staff member’s email and then use that to instruct junior staff to make payments to bank accounts of fraudsters. Because.....Read More
Business Email Compromise continues to be a significant issue. Companies will traditionally roll out security awareness training to their employees about not opening suspicious email attachments or clicking on links, but how many companies train their staff to refuse or question a direct command from senior staff? The art of “whaling” aims to compromise a senior staff member’s email and then use that to instruct junior staff to make payments to bank accounts of fraudsters. Because these highly lucrative attacks are succeeding, they will continue to attract more groups willing to attempt their methods. It’s time that businesses consider applying security to their business practices because IT security tools are not infallible against human behaviour. As an example, train your staff to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and act quickly as instructed. You must put in place processes and beliefs that when unordinary requests come through they should be questioned.  Read Less
Ed Macnair
July 07, 2020
CEO
Censornet

BEC is so effective because it exploits a human impulse - as the emails often look ‘real’.
The case of an unnamed premier league club losing £100 million from a Business Email Compromise (BEC) scam shows that even the most common form of attacks pose an enormous risk to unsuspecting organisations. BEC is so effective because it exploits a human impulse - as the emails often look ‘real’, these scams take advantage of a very human desire to please a high ranking executive - which means the victim may not be as security-vigilant as usual. Unfortunately, because these emails are.....Read More
The case of an unnamed premier league club losing £100 million from a Business Email Compromise (BEC) scam shows that even the most common form of attacks pose an enormous risk to unsuspecting organisations. BEC is so effective because it exploits a human impulse - as the emails often look ‘real’, these scams take advantage of a very human desire to please a high ranking executive - which means the victim may not be as security-vigilant as usual. Unfortunately, because these emails are so convincing, and targeted, the traditional pattern matching technologies usually used to catch spam are also useless against this technique. In order to be able to spot them, organisations need to combine content analysis, threat intelligence and executive name checking to efficiently protect themselves. Combining the right technology with best-practice policies for employees will give organisations the right tools to keep their eye on the ball and mitigate these types of scams.  Read Less
Chris Ross
July 06, 2020
SVP
Barracuda Networks

In many cases, the hacker creates a fraudulent, but realistic-looking, email request for payment of an invoice or transfer of funds.
This incident is another reminder that cyber threats such as Business Email Compromise (BEC) schemes remain active and prevalent, posing a huge risk to unsuspecting organisations. In many cases, the hacker creates a fraudulent, but realistic-looking, email request for payment of an invoice or transfer of funds. The perpetrator will often use the company logo, email signature, and fake purchase order number in their correspondence to increase the likelihood of being believed. The victim,.....Read More
This incident is another reminder that cyber threats such as Business Email Compromise (BEC) schemes remain active and prevalent, posing a huge risk to unsuspecting organisations. In many cases, the hacker creates a fraudulent, but realistic-looking, email request for payment of an invoice or transfer of funds. The perpetrator will often use the company logo, email signature, and fake purchase order number in their correspondence to increase the likelihood of being believed. The victim, assuming they are just doing their job, makes the transfer in response to the request, often repeating the process over time, leading to the company losing tens of thousands, if not millions of pounds. This type of spear-phishing attack has been trending, with Barracuda Sentinel detecting 467,825 spear-phishing email attacks between March 1 and March 23, a 667% increase. Tackling this issue requires companies to invest in the very latest email protection systems and also ensure that every employee is acutely aware of these scams and how they operate.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

iPhone Hacking Tool GrayKey Techniques Outlined in Leaked Instructions

Expert Commentary – EU to Launch Rapid Response Cybersecurity Team

Tech Experts Discuss International Women in Engineering Day

International Women In Engineering Day

Threat Intelligence Expert On EU Joint Cyber Unit

Ethical Hacker Shares Insight On My Egg Bank Ransomware Attack

Expert Commentary – Australian Firms Could Be Forced To Declare...

Turbotax Customer Data Breach – Cyber Expert Comments

Int’l. Cybercrime Prevention Act Rafted To Boost CI Security

Supermarket Chain Wegmans Notifies Customers Of Data Breach

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy