Online Con Tricks Senior Executives Out of Millions

Uploaded on 2016-12-21 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

CEOs, MDs and board level execs are being targeted in the latest online security scam which takes advantage of the busy diaries of senior business figures.

Whaling’, a form of spear phishing, sees high-net-worth individuals hoodwinked into authorising online payments to cyber scammers posing as employees or legitimate suppliers.

Notably different to other spear-phishing attacks because of the sums of money involved, cases of the online ‘confidence trick’ are on the rise with huge sums at stake, one MD approved a £30m payment in a single incident.

The targeted spear-phishing attacks use methods such as pretexting and baiting, creating fabricated scenarios and offering free products to build up a fake sense of trust before stealing sensitive information.

Often frontline workers are targeted to gain access to bosses’ credentials and information, helping attackers build a credible method of approach to their target. Posted as urgent and looking legitimate, employees are being duped by the ‘whaling’ techniques, resulting in CFOs and CEOs making massive payments into accounts not run by the company.

Louie Augarde, cyber security specialist at Omni Cyber Security, warns if hackers are able to disrupt sophisticated companies like Twitter and Facebook what’s to stop them from hacking you? “The clean-up of an attack like this is massive so it’s extremely important for C-level employees to sit up and listen. The FBI recently lost 20,000 records from someone calling the helpdesk and pretending to be a new employee. If it can happen to them, it can happen to anyone.”

Paul Johnston, penetration tester at application security specialist company, Secarma, warns that cyber thieves are ready and waiting. “Nothing is going to stop them, so it’s your responsibility to be prepared. Rather than educating your workforce you actually need to test them. There are three steps you need to take with your employees: tell them, test them, and then invest in more technology.... The tech you must invest in is a secure email system. You will see this implemented in security-aware companies. The cost isn’t high, and if you’re looking at the potential cost of an attack then the cost of being safe is priceless.”

With over 8,000 phishing attacks occurring every month in 2016, Lawrence Jones, CEO of internet hosting firm UKFast, believes it’s essential, now more than ever, for companies to step up their cyber security game.

He said: “Cybersecurity is in the news daily and the risks are growing at an alarming rate. We look after nearly 6000 businesses online and we are seeing this kind of confidence trick working with alarming regularity. It’s only a matter of time before a large business is brought down by one of these attacks. It’s time for firms to knuckle down and strengthen their cyber security defences.”

Andrew Barrett, managing director at cyber risk management firm Coal Fire Systems, has seen first-hand just how devastating these attacks can be. He said: “We’re seeing more and more of this switch from the guy on the corner of the street trying to sell something dodgy in person, to criminals performing advanced, persistent attacks on individuals online.

“This is a new cyber-attack mixed with serious human error. I’ve seen attacks in which cyber thieves call up payroll departments pretending to be a C-level employee and say they want to change their sort code and account details. The effects can be devastating.”

The comments were made at a round table event held by cloud and colocation firm UKFast, at UKFast Campus in Manchester.

Digital Forensics:     Hackers Steal $50 Million From Leading Aviation Design Company:
 

 

« No Password Is Too Complex For Hackers
Healthcare Data Breaches In 2017 Will Get Worse »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Jumpsec

Jumpsec

Jumpsec provides penetration testing, security assessments, social engineering testing, cyber incident response, training and consultancy services.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

achelos

achelos

achelos is an independent software development company providing innovative technical solutions for micro-processor chips / security chips and embedded systems in security-critical application fields.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

Eventus Security

Eventus Security

Eventus, are a team of highly skilled professionals who are committed to deliver excellence in next generation cyber security services and customized solutions for your enterprise.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.

Cyber News Live

Cyber News Live

Welcome to Cyber News Live (CNL), we are dedicated to keeping everyone safe online. We provide vital information.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

Layer 8 Security

Layer 8 Security

Layer 8 Security is a cybersecurity advisory, consulting, and technical services firm that arms businesses with practical compliance, risk management, and security program strategies.

Bytium

Bytium

Bytium provides top-tier IT services and solutions designed to empower everyone, from individuals to global corporations. Specializing in cybersecurity and proactive IT management.

QRC Assurance & Solutions

QRC Assurance & Solutions

QRC is a PCI QSA, QPA, ISO accredited, CPA and CERT-IN empanelled organization with vast experience in conducting certification, regulatory audits, pen testing services, training and more.