– This continues to be one of the most effective ways that a malicious actor can monetise a successful cyber-attack. Through careful manipulation of key individuals, usually in finance teams or leadership positions, attackers can obtain substantial payouts.
How do these attacks work?
The primary target is the individual (or individuals) who traditionally has the authority to move large amounts of money in an organisation. One example:
- An attacker gains access to a finance user’s mailbox.
- The attacker searches through the mailbox to find potential targets.
- Once a target has been selected (e.g. a customer), the attacker sets up services to masquerade as both the customer and the finance user.
- The attacker inserts themselves into an existing conversation between the two victims.
- Once in, they convince the customer to change payment details.
- The customer sends future payments to an attacker-controlled bank account.
One can be exposed to this type of fraud both as a supplier and as a customer. A few simple measures can contribute to increased security against this type of cyber fraud, and Sarah highlights four key points to consider:
- Proactively inform customers that you will never ask them to change their payment details via email – remind them of this regularly
- Put controls in place to ensure that supplier payment details cannot be changed without confirmation via phone call, to a number on the official company website
- Ensure that your users are trained how to identify and report sophisticated phishing emails – test them regularly via simulated phishing campaigns
- Ensure shared mailbox and distribution group memberships are carefully managed
– And for the record, Sarah states: F24 UK follow a strict process of sending invoices and confirming the details with our clients. We will never use e-mail to request changed payment information.