At a recent cybercrime seminar for our clients, I and our two experts, Dionach and Taylor Made, set out some very important steps for foiling a cyber-attack, particularly in the most difficult area: social engineering, or the "human firewall" as it has become known.
In this blog I aim to raise awareness of a growing threat that uses social engineering to get past a company's IT defences. It works because senior staff, who are usually very busy, can be tricked into following payment instructions that they believe come from a genuine internal source.
The scenario is that the criminal finds out, from a range of public sources, who operates at a senior level within an organisation and which staff handle outgoing payments. They then send a very realistic email purporting to come from a senior person in the target organisation (commonly the Chief Executive). It is usually addressed to the Finance Director and instructs that a substantial sum be paid urgently into a vendor's bank account to avoid penalty charges.
This is, in fact, the criminal’s bank account.
In this way criminals are routinely persuading some very senior executives to make payments into fraudulent bank accounts, and no doubt more will follow.
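The email described above leaves traces that a mail gateway or security team can check mechanically before the Finance Director ever sees it: a senior person's name in the display field with a mailbox that is not theirs, an external sending domain, a Reply-To that quietly redirects the conversation, and urgent language paired with a request to move money. The following is an added example, not code from the original post or from Dionach or Taylor Made. The internal domain example.com, the executive directory, the keyword lists, the verdict policy and the three sample messages are all assumptions constructed for illustration.

```python
"""Flag inbound e-mail that impersonates a named executive (CEO fraud).

Added example, not from the original post. Domain, executive directory,
keyword lists, verdict policy and sample messages are all constructed.
"""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                 # assumption: the organisation's own domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # assumption: CEO name -> real mailbox
URGENCY_WORDS = ("urgent", "immediately", "today", "penalty", "cannot take calls")
PAYMENT_WORDS = ("payment", "transfer", "wire", "bank account", "invoice", "iban")
IDENTITY_CODES = {"display-name-mismatch", "external-domain", "reply-to-mismatch"}


def _normalise(name):
    return " ".join(name.lower().split())


def _body_text(msg):
    """Plain-text body; text/plain parts are joined for multipart messages."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return "\n".join(p.decode("utf-8", "replace") for p in parts if p)
    payload = msg.get_payload(decode=True)
    return payload.decode(msg.get_content_charset() or "utf-8", "replace") if payload else ""


def analyse(raw):
    """Return a list of (code, detail) findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    expected = EXECUTIVES.get(_normalise(display))

    # 1. An executive's name is shown, but the mailbox is not the one on record.
    if expected and addr != expected:
        findings.append(("display-name-mismatch", f"'{display}' sent from {addr}, not {expected}"))
    # 2. Claims to be internal senior staff yet arrives from an outside domain.
    if expected and domain != INTERNAL_DOMAIN:
        findings.append(("external-domain", f"executive name used from domain {domain}"))
    # 3. Replies are silently redirected to a different mailbox than the one shown.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append(("reply-to-mismatch", f"Reply-To {reply_to} differs from From {addr}"))
    # 4. The lure itself: urgency combined with an instruction to move money.
    text = (msg.get("Subject", "") + "\n" + _body_text(msg)).lower()
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        findings.append(("urgent-payment", "urgent payment request in subject/body"))
    return findings


def verdict(raw):
    """Policy (an assumption): identity problem + payment lure -> block; identity
    problem alone -> quarantine; payment lure from a clean sender -> review, i.e.
    call the executive back on a known number before paying; otherwise allow."""
    codes = {code for code, _ in analyse(raw)}
    if codes & IDENTITY_CODES and "urgent-payment" in codes:
        return "block"
    if codes & IDENTITY_CODES:
        return "quarantine"
    if "urgent-payment" in codes:
        return "review"
    return "allow"


# Constructed sample messages (not real correspondence).
SPOOFED_WEBMAIL = """\
From: Jane Doe <jane.doe.ceo@outlook-mail.test>
To: Finance Director <fd@example.com>
Subject: Urgent: supplier payment today

I need 48,500 transferred to the vendor bank account below immediately to
avoid penalty charges. I am in meetings all day and cannot take calls.
"""

SPOOFED_REPLY_TO = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <jane.doe.private@webmail.test>
To: Finance Director <fd@example.com>
Subject: Invoice settlement

Please arrange the wire transfer today; details to follow when you reply.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: Finance Director <fd@example.com>
Subject: Board pack

Slides for Thursday attached. Nothing needed from you before then.
"""

if __name__ == "__main__":
    for name, sample in (("webmail spoof", SPOOFED_WEBMAIL),
                         ("reply-to spoof", SPOOFED_REPLY_TO), ("legitimate", LEGITIMATE)):
        print(name, verdict(sample), [code for code, _ in analyse(sample)])
```

The identity checks catch the two commonest variants seen in this fraud: a free webmail account carrying the executive's name in the display field, and a forged From address with an external Reply-To. They do not catch a lookalike domain or a genuinely compromised executive mailbox, which is why even a clean-looking payment request gets "review" rather than "allow": confirm it by calling the executive on a number you already hold, never by replying to the email.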
Most blogs of this nature advise on how to prevent such an attack, but I want to stress the importance of thinking about what you would do immediately if it had just happened. The answer is to plan ahead.
First, draw up a new page for your disaster recovery plan. It will help you recover from that awful moment when you realise you have just made a large payment into a fraudulent bank account. Time is of the essence, so have your recovery plan ready. I suggest that it contain the following:
It is a sobering thought that the criminals who perpetrate these frauds are patient and determined people, and every day businesses of all shapes and sizes are being hit.
Whatever we do to prevent it, the criminals seem to find ever more clever ways around our precautions. So be prepared, and have your recovery plan and notes to hand.