At a recent Cybercrime seminar for our clients, our two experts, Dionach and Taylor Made, and I set out some very important steps to take to foil a cyber-attack, particularly in the most difficult area: Social Engineering, or the Human Firewall as it has become known.
In this blog I aim to raise awareness of a growing threat that uses Social Engineering to breach a company’s IT defences. It works because senior staff, who are usually very busy, can be tricked into following payment instructions that they believe come from a genuine internal source.
The scenario is that the criminal finds out, from a range of public sources, who operates at a senior level within an organisation and which staff deal with outgoing payments. They then send a very realistic email purporting to come from a senior person in the target organisation (commonly the Chief Executive). It is usually addressed to the Finance Director and instructs that a substantial sum be paid urgently into a vendor’s bank account to avoid penalty payments.
This is, in fact, the criminal’s bank account.
In this way criminals are routinely persuading some very senior executives to make payments to fraudulent bank accounts and, no doubt, others will follow.
Most blogs of this nature advise on how to prevent such an attack, but I want to stress the importance of thinking about what you would do immediately if it had just happened! The answer is to plan ahead.
First, draw up a new page for your disaster recovery plan. This will help you recover in the event of that awful moment when you realise you have just made a large payment into a fraudulent bank account! Time is of the essence, so have your recovery plan ready. I suggest that it contain the following:
- Remain calm and take immediate steps to have the recipient account frozen pending investigation and hopefully the return of the lost funds.
- List the contact numbers for the main banks’ fraud report lines. This is the first number you call, so be prepared to give them all relevant details of the payment.
- Call your own bank’s relationship manager. This person can make separate enquiries and break through barriers that may be encountered. There’s nothing like being put on hold listening to Greensleeves whilst crooks get away with your hard-earned money!
- Follow the bank’s instructions; within an hour you should know whether funds are still in the recipient bank account and whether it has been frozen, pending investigation.
- Note the bank’s incident reference numbers.
- Be prepared for it to take up to 30 days for the recipient bank to complete their investigations and reimburse funds.
- Devise a PR statement in case the incident gets out to local media.
- Advise staff of the incident and ask them to be vigilant and follow procedures.
- Instruct your IT manager to check your own IT for any breach.
- Notify the Police via their National Fraud and Cybercrime report facility.
- If you are a regulated business you are likely required to report the details to the appropriate body.
- Set out in your plan what insurance cover you have for fraud and cyber-attack losses. Include claim line numbers.
- Set up an internal crisis team to manage the incident and establish whether procedures need updating etc.
It’s a sobering thought that the criminals who perpetrate these frauds are very patient and determined people, and every day businesses of all shapes and sizes are being hit.
Whatever we do to prevent it happening, the criminals seem to find ever more clever ways to get around our precautions. So be prepared, and have your recovery plan and notes to hand.