Detect Spoofing Before Your Organisation Suffers Fraud

Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft. 

Spoofing is a cyber attack technique, also known as Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain.

The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email. 

Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.  

Attack Methodology

The BEC attack methodology in this case was as follows: 

  • The hacker first creates a spoofed account of the company’s CFO.
  • The hacker finds the legitimate email address of someone on the finance team.
  • The hacker creates an email that looks as though the CFO has forwarded it, with attached instructions for wiring; the URL in the ‘from’ address is copied from the corporate slogan.
  • The spoofed CFO asks the employee to wire money instantly.
  • If the employee bites, the money will land in the hackers’ account.

In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.

Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented: “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify.”

Users are strongly recommended to implement advanced email security that relies on more than one factor to determine whether an email is legitimate, and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.
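The reply-to check described above, combined with a second factor, can be automated at the mail gateway or in a triage script. The following is an added example, not Avanan's code; the organisation domain, executive name and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "example-club.test"   # assumed organisation domain
EXECUTIVES = {"pat morgan"}        # assumed display names worth protecting

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def is_internal(domain, org_domain):
    return domain == org_domain or domain.endswith("." + org_domain)

def bec_signals(raw_message, org_domain=ORG_DOMAIN, executives=EXECUTIVES):
    """Return the header-based warning signs found in one raw message."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    reply_to = getaddresses(msg.get_all("Reply-To", []))
    reply_domains = {domain_of(addr) for _, addr in reply_to if addr}
    signals = []
    # Factor 1: replies would go somewhere other than the apparent sender.
    if any(d != sender_domain for d in reply_domains):
        signals.append("reply-to-differs-from-sender")
    # Factor 2: replies would leave the organisation entirely.
    if any(not is_internal(d, org_domain) for d in reply_domains):
        signals.append("reply-to-outside-organisation")
    # Factor 3: an executive's display name on an address outside the company.
    if name.strip().lower() in executives and not is_internal(sender_domain, org_domain):
        signals.append("executive-name-on-external-address")
    return signals

# Constructed sample messages (not taken from the incident).
SPOOFED = """From: "Pat Morgan" <pat.morgan@example-club.test>
Reply-To: pat.morgan@club-accounts.test
To: finance.clerk@example-club.test
Subject: Fwd: wire instructions

Please wire the attached amount today.
"""
LOOKALIKE = SPOOFED.replace("<pat.morgan@example-club.test>", "<cfo@club-accounts.test>") \
                   .replace("Reply-To: pat.morgan@club-accounts.test\n", "")
LEGIT = SPOOFED.replace("Reply-To: pat.morgan@club-accounts.test\n", "")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)]:
        print(label, bec_signals(raw))
```

Header checks like these only cover what the message claims about itself, so they work best alongside the out-of-band confirmation recommended in the checklist below.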

Email Safety Tips

Avanan advise their corporate customers to follow a checklist:

  • Always check reply-to addresses to make sure they match
  • If ever unsure about an email, ask the original sender.
  • Encourage users to ask finance before acting on invoices.
  • Read the entire email; look for any inconsistencies, misspellings or discrepancies.
  • If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.

End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out. 
