Phishing – What is it and could it impact you?

Phishing - what is it

This is important information for anyone who runs a business and deals with vendors or clientele via the internet in any capacity. As technology continues to advance, so too do the ‘opportunists’: criminals who look to advance their skills and take advantage of a society that uses the online world to communicate and operate its businesses.

Most people, when hearing about the online world and the benefits of digital communication and online business transactions, would believe that the online world makes their lives easier and more efficient. The convenience of being able to quickly send an email to your employees, clients or suppliers with instructions or orders, or simply to complete online payments, saves time and could reduce daily operating costs.

But when you begin to run a business, at what point are you informed about the modern-day criminal who can attack you and/or break in without even breaking the security code at your premises? As far as you are concerned, everything looks and seems normal from the outside, but on the inside they have been able to infiltrate, gaining access to all your business’s monetary earnings simply through emails.

Have you been informed of a simple list of dos and don’ts to ensure that your business is not leaving its doors wide open to international criminals who do not have to leave their own lounge chair to reach you?

To paint a picture of what is being discussed here and the international impact of this criminal activity: over a 12-month period there were 6.2 billion attempted attacks on businesses and organisations online world-wide. One of these avenues of criminal behaviour is called phishing. Phishing attacks were responsible for as much as 73% of malware being delivered to organisations world-wide in only a 12-month period.

To understand this form of crime further: phishing is when a website, online service, phone call or even text message poses as a company or brand you recognise. In more recent years it has also developed to encompass masquerading as employees or even managers of the same business or organisation that you run or work for. The idea of phishing is as simple as it sounds: throw out bait into the ocean of the world-wide web and see who or what takes a bite. It is specifically designed to convince you to hand over valuable personal details or money, or even to download something that will infiltrate and infect your computer. The criminals phish for their potential victims by sending emails, social media messages or text messages, or even making phone calls, with an urgent call to action in the hope of persuading someone to act immediately.

As a progression from the standard phishing attempt, criminals have also extended their focus to Business Email Compromise schemes, also known as BEC. These are sophisticated scams targeting businesses that work with foreign suppliers and businesses that regularly perform wire transfer payments.

Business Email Compromise schemes usually begin with criminals phishing the executive or director of an organisation to gain access to their inbox or contact list. Once the criminal has gained access, one of the following five actions tends to take place:

There are several other routes the modern-day criminal can take, but the above mentioned alone have seen an increase in Business Email Compromise schemes of 2370% in the last two years. According to the FBI, BEC schemes have caused at least $3.1 billion in total losses to approximately 22,000 enterprises around the world in the past two years.

To provide an example of what is being described here:

Example 1:
Sam is the corporate controller of ABC, Inc., an online furniture retailer. As part of his job, Sam approves wire transfers to ABC’s suppliers, many of them Chinese companies. One day, Sam receives an email from ABC’s CEO. The email says that ABC just completed negotiations to buy one of its Chinese suppliers. The email tells Sam to await instructions from ABC’s accounting firm and to speak to no one else about the sale. According to the email, SEC regulations require the details of the sale to remain confidential at this point. A few hours later, Sam receives an email from ABC’s accounting firm, which instructs him to wire $500,000 to a Chinese bank immediately. Sam approves the wire transfer.

Later, Sam discovers that both emails were fraudulent, that there was no sale and that he wired $500,000 of ABC’s money directly to fraudsters. ABC was the victim of a business email compromise (BEC) scam (also known as CEO fraud).

http://www.acfe.com/fraud-examiner.aspx?id=4294994000

Example 2:

The local council of the Australian city of Brisbane was targeted by scammers through fake invoices over the past month. According to reports, the scammers phoned and emailed the council posing as one of its suppliers, and were able to steal A$450,000.

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/brisbane-council-loses-450k-aud-to-bec-scam

So remember: online phishing is a real occurrence, and every organisation needs to be aware of 4 very simple possible ‘break-ins’ to its online business operation.

  1. Criminals may pose as the boss of a company, instructing staff to make online transfers into the criminal’s account.
  2. Criminals may impersonate the IT department of a bank, saying they want to make a test transfer. Key reminder: it may not be a test.
  3. Criminals can claim to be a supplier and ask for outstanding invoices to be paid into a new bank account.
  4. Employees click on links within phishing emails containing malware (virus software), which authorises many small payments to the criminal’s account.

So what can you do to step up the security of your business?

If you suspect that you have been targeted by a BEC email, report the incident immediately to the police.

References:

https://www.nttcomsecurity.com/us/uploads/documentdatabase/US_NTT_Security_GTIR_2017_Key_Findings_Focus_UEA_v1.pdf

https://threatpost.com/business-email-compromise-losses-up-2370-percent-since-2015/125469/

https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/brisbane-council-loses-450k-aud-to-bec-scam