Online Con Tricks Senior Executives Out of Millions

CEOs, MDs and board-level execs are being targeted in the latest online security scam, which takes advantage of the busy diaries of senior business figures.

‘Whaling’, a form of spear phishing, sees high-net-worth individuals hoodwinked into authorising online payments to cyber scammers posing as employees or legitimate suppliers.

Notably different to other spear-phishing attacks because of the sums of money involved, cases of the online ‘confidence trick’ are on the rise with huge sums at stake: one MD approved a £30m payment in a single incident.

The targeted spear-phishing attacks use methods such as pretexting and baiting, creating fabricated scenarios and offering free products to build up a fake sense of trust before stealing sensitive information.

Often frontline workers are targeted to gain access to bosses’ credentials and information, helping attackers build a credible method of approach to their target. Because the requests are presented as urgent and look legitimate, employees are being duped by the ‘whaling’ techniques, resulting in CFOs and CEOs making massive payments into accounts not run by the company.

Louie Augarde, cyber security specialist at Omni Cyber Security, warns that if hackers are able to disrupt sophisticated companies like Twitter and Facebook, what’s to stop them from hacking you? “The clean-up of an attack like this is massive so it’s extremely important for C-level employees to sit up and listen. The FBI recently lost 20,000 records from someone calling the helpdesk and pretending to be a new employee. If it can happen to them, it can happen to anyone.”

Paul Johnston, penetration tester at application security specialist company, Secarma, warns that cyber thieves are ready and waiting. “Nothing is going to stop them, so it’s your responsibility to be prepared. Rather than educating your workforce you actually need to test them. There are three steps you need to take with your employees: tell them, test them, and then invest in more technology.... The tech you must invest in is a secure email system. You will see this implemented in security-aware companies. The cost isn’t high, and if you’re looking at the potential cost of an attack then the cost of being safe is priceless.”

With over 8,000 phishing attacks occurring every month in 2016, Lawrence Jones, CEO of internet hosting firm UKFast, believes it’s essential, now more than ever, for companies to step up their cyber security game.

He said: “Cybersecurity is in the news daily and the risks are growing at an alarming rate. We look after nearly 6000 businesses online and we are seeing this kind of confidence trick working with alarming regularity. It’s only a matter of time before a large business is brought down by one of these attacks. It’s time for firms to knuckle down and strengthen their cyber security defences.”

Andrew Barrett, managing director at cyber risk management firm Coal Fire Systems, has seen first-hand just how devastating these attacks can be. He said: “We’re seeing more and more of this switch from the guy on the corner of the street trying to sell something dodgy in person, to criminals performing advanced, persistent attacks on individuals online.

“This is a new cyber-attack mixed with serious human error. I’ve seen attacks in which cyber thieves call up payroll departments pretending to be a C-level employee and say they want to change their sort code and account details. The effects can be devastating.”

The comments were made at a round table event held by cloud and colocation firm UKFast, at UKFast Campus in Manchester.

Digital Forensics:     Hackers Steal $50 Million From Leading Aviation Design Company:
 

 
