Online Con Tricks Senior Executives Out of Millions

CEOs, MDs and board level execs are being targeted in the latest online security scam which takes advantage of the busy diaries of senior business figures.

Whaling’, a form of spear phishing, sees high-net-worth individuals hoodwinked into authorising online payments to cyber scammers posing as employees or legitimate suppliers.

Notably different to other spear-phishing attacks because of the sums of money involved, cases of the online ‘confidence trick’ are on the rise with huge sums at stake, one MD approved a £30m payment in a single incident.

The targeted spear-phishing attacks use methods such as pretexting and baiting, creating fabricated scenarios and offering free products to build up a fake sense of trust before stealing sensitive information.

Often frontline workers are targeted to gain access to bosses’ credentials and information, helping attackers build a credible method of approach to their target. Posted as urgent and looking legitimate, employees are being duped by the ‘whaling’ techniques, resulting in CFOs and CEOs making massive payments into accounts not run by the company.

Louie Augarde, cyber security specialist at Omni Cyber Security, warns if hackers are able to disrupt sophisticated companies like Twitter and Facebook what’s to stop them from hacking you? “The clean-up of an attack like this is massive so it’s extremely important for C-level employees to sit up and listen. The FBI recently lost 20,000 records from someone calling the helpdesk and pretending to be a new employee. If it can happen to them, it can happen to anyone.”

Paul Johnston, penetration tester at application security specialist company, Secarma, warns that cyber thieves are ready and waiting. “Nothing is going to stop them, so it’s your responsibility to be prepared. Rather than educating your workforce you actually need to test them. There are three steps you need to take with your employees: tell them, test them, and then invest in more technology.... The tech you must invest in is a secure email system. You will see this implemented in security-aware companies. The cost isn’t high, and if you’re looking at the potential cost of an attack then the cost of being safe is priceless.”

With over 8,000 phishing attacks occurring every month in 2016, Lawrence Jones, CEO of internet hosting firm UKFast, believes it’s essential, now more than ever, for companies to step up their cyber security game.

He said: “Cybersecurity is in the news daily and the risks are growing at an alarming rate. We look after nearly 6000 businesses online and we are seeing this kind of confidence trick working with alarming regularity. It’s only a matter of time before a large business is brought down by one of these attacks. It’s time for firms to knuckle down and strengthen their cyber security defences.”

Andrew Barrett, managing director at cyber risk management firm Coal Fire Systems, has seen first-hand just how devastating these attacks can be. He said: “We’re seeing more and more of this switch from the guy on the corner of the street trying to sell something dodgy in person, to criminals performing advanced, persistent attacks on individuals online.

“This is a new cyber-attack mixed with serious human error. I’ve seen attacks in which cyber thieves call up payroll departments pretending to be a C-level employee and say they want to change their sort code and account details. The effects can be devastating.”

The comments were made at a round table event held by cloud and colocation firm UKFast, at UKFast Campus in Manchester.

Digital Forensics:     Hackers Steal $50 Million From Leading Aviation Design Company:
 

 

« No Password Is Too Complex For Hackers
Healthcare Data Breaches In 2017 Will Get Worse »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Stratejm

Stratejm

Stratejm, a Next Generation Managed Security Services Provider, brings innovation and thought leadership to the fight against cyber criminals.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.

Muscope Cybersecurity

Muscope Cybersecurity

Muscope CYSR platform performs a risk assessment and offers a comprehensive overview of the potential cyber attack risks.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe