Cyber security has become a buzzword in the business environment due to the numerous breaches reported. In 2016 alone, there were reports about breaches in LinkedIn and MySpace. The Bangladesh Bank was robbed of $81 million via a SWIFT transfer, IRS, and the true extent of the Yahoo breach in 2014 is being reported. Hospitals and other healthcare organisations suffered ransomware attacks. In addition to attacks on companies, cyber criminals also target individuals with various different scams. In this series, we discuss more common scams you may come across, not only while browsing the internet or doing banking, but also in your everyday use of computers and other mobile devices. In this, Part 1, we cover Business Email Compromise, commonly known as Whaling.
Business Email Compromise (BEC Scams), commonly known as Whaling
Business Email Compromise (BEC) scams also known as CEO fraud or whaling attacks, have caused losses of more than $2.3 billion to businesses over the past three years. The attacker designs an e-mail that appears to be from a reliable source, requesting funds urgently. A common example is from the CEO of the company to the financial manager or accounting department.
Attackers do research on company’s websites, social and other media, obtaining detail about the company’s executives, employees and their position in the company. This results in very targeted, personalised attacks which makes it very difficult to identify. The attackers do not need access to the company’s e-mail accounts or domain to forge the e-mail. Instead, they use botnets or zombies that act as mail servers, allowing them to manipulate the “From” field to any value. Alternatively, they register a domain similar to that of the company, e.g. CompanyA.co where the target company’s domain is CompanyA.com.
Steps to protect against whaling include:
- When receiving suspicious e-mails, look out for these warning signs:
- Check if the domain is manipulated to look the same as the company’s domain.
- Common whaling words are “wire transfer”, “bank transfer” etc.
- The e-mail contains a link or attachment. These links normally open a website that asks for personal information or installs malicious software when clicking on the attachment.
- E-mails asking you for a username and password to open
- The e-mail address from which the e-mail was received is different when you click on reply.
- Implementing inbound e-mail stationery to enable employees to determine if the e-mails were sent from a reliable source.
- Require a second verification method on large transactions, such as following up with the sender via another communication method.
- Make use of domain-alerting services which will notify you when a new domain is registered and whose name is close to the company’s domain.
- Inform your staff regularly. Remind them of what warning signs to look out for when receiving e-mails.
Our 5 Part series on Cyber Security will cover other techniques cyber criminals use. In Part 2 in the December edition of our newsletter, we will take a look at the warning signs of telephonic hackers for unsuspecting users who may fall into their traps. To fight cyber security, we must stay informed.
Sources: