Online Con Tricks Senior Executives Out of Millions

CEOs, MDs and board-level execs are being targeted in the latest online security scam, which takes advantage of the busy diaries of senior business figures.

‘Whaling’, a form of spear phishing, sees high-net-worth individuals hoodwinked into authorising online payments to cyber scammers posing as employees or legitimate suppliers.

Whaling differs notably from other spear-phishing attacks in the sums of money involved. Cases of the online ‘confidence trick’ are on the rise with huge sums at stake: one MD approved a £30m payment in a single incident.

The targeted spear-phishing attacks use methods such as pretexting and baiting, creating fabricated scenarios and offering free products to build up a fake sense of trust before stealing sensitive information.

Often frontline workers are targeted to gain access to bosses’ credentials and information, helping attackers build a credible method of approach to their target. The requests are presented as urgent and look legitimate, and employees are being duped by the ‘whaling’ techniques, resulting in CFOs and CEOs making massive payments into accounts not run by the company.

Louie Augarde, cyber security specialist at Omni Cyber Security, warns that if hackers are able to disrupt sophisticated companies like Twitter and Facebook, what’s to stop them from hacking you? “The clean-up of an attack like this is massive so it’s extremely important for C-level employees to sit up and listen. The FBI recently lost 20,000 records from someone calling the helpdesk and pretending to be a new employee. If it can happen to them, it can happen to anyone.”

Paul Johnston, penetration tester at application security specialist company, Secarma, warns that cyber thieves are ready and waiting. “Nothing is going to stop them, so it’s your responsibility to be prepared. Rather than educating your workforce you actually need to test them. There are three steps you need to take with your employees: tell them, test them, and then invest in more technology.... The tech you must invest in is a secure email system. You will see this implemented in security-aware companies. The cost isn’t high, and if you’re looking at the potential cost of an attack then the cost of being safe is priceless.”

With over 8,000 phishing attacks occurring every month in 2016, Lawrence Jones, CEO of internet hosting firm UKFast, believes it’s essential, now more than ever, for companies to step up their cyber security game.

He said: “Cybersecurity is in the news daily and the risks are growing at an alarming rate. We look after nearly 6000 businesses online and we are seeing this kind of confidence trick working with alarming regularity. It’s only a matter of time before a large business is brought down by one of these attacks. It’s time for firms to knuckle down and strengthen their cyber security defences.”

Andrew Barrett, managing director at cyber risk management firm Coal Fire Systems, has seen first-hand just how devastating these attacks can be. He said: “We’re seeing more and more of this switch from the guy on the corner of the street trying to sell something dodgy in person, to criminals performing advanced, persistent attacks on individuals online.

“This is a new cyber-attack mixed with serious human error. I’ve seen attacks in which cyber thieves call up payroll departments pretending to be a C-level employee and say they want to change their sort code and account details. The effects can be devastating.”

The comments were made at a round table event held by cloud and colocation firm UKFast, at UKFast Campus in Manchester.

Digital Forensics: Hackers Steal $50 Million From Leading Aviation Design Company
 

 
