Detect Spoofing Before Your Organisation Suffers Fraud

Uploaded on 2022-08-29 in NEWS-News Analysis, FREE TO VIEW, TECHNOLOGY--Resilience

Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft. 

Spoofing is cyber attack technique also known as a Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain. 

The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email. 

Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.  

Attack Methodology

The BEC attack methodology in this case was as follows: 

  • Hacker first created a spoofed account of the company’s CFO. 
  • Hacker finds the legitimate email address of someone on the finance team.
  • Hacker creates an email that looks like the CFO has forwarded, with attached instructions for wiring and  the URL in the ‘from’ address is taken from copied from the corporate slogan
  • CFO asks employee to wire money instantly 
  •  If the employee bites, money will land in the hackers’ account

In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.

Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented. “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify."

Users are  strongly recommend to implement advanced email security that relies on more than one factor to determine if an email is legitimate and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.

Email Safety Tips

Avanan advise their corporate customers to follow a checklist:

  • Always check reply-to addresses to make sure they match
  • If ever unsure about an email, ask the original sender.
  • Encourage users to ask finance before acting on invoices.
  • Read the entire email; look for any inconsistencies, misspellings or discrepancies.
  • If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.

End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out. 

You Might Also Read: 

The Frailty Of Email:

 

« Montenegro Falls Under Attack
Twitter Concealed Known Security Flaws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Mielabelo

Mielabelo

Belgian consulting firm providing services in the security and compliance of information systems and IT service management.

Backup Systems

Backup Systems

Backup Systems is a leading backup and disaster recovery systems provider across the UK.

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C)

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

Aptiv

Aptiv

Aptiv is a global technology company that develops safer, greener and more connected solutions enabling the future of mobility.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

ShorePoint

ShorePoint

ShorePoint helps customers focus on visibility, analytics and context to make timely and informed risk-based decisions to protect their infrastructure.

Clear Skye

Clear Skye

Clear Skye, an Identity Access and Management (IAM) software company, reimagines enterprise identity access and risk management software to make a complicated problem easier to manage.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Securance Consulting

Securance Consulting

Since 2002, Securance has empowered enterprises to assume proactive security, compliance, and risk management strategies.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.