Despite all the IT security systems out there, online cyber criminals are getting away with increasingly large amounts of information and money. The number of breaches is concerning, with larger and larger amounts of data being illegally hacked. One specific instance of this illegal action, and the topic of this article, is the act of hijacking your wires.
“No one ever thinks this can happen to them, but I’ve seen it happen over and over again to people sophisticated enough to be wiring 6 and 7 figure dollar values.”
This is done by tricking unsuspecting victims, through a faked email, into wiring funds to the criminal in question. These fraudsters are so good that they managed to get $56 million from FACC, causing the CEO to lose his job and the share price to plummet by double digit figures. The FBI suggests that scams like these have cost companies more than $2.3 billion in the past three years. A Mattel executive, in his haste to impress his new boss, was tricked into sending $3 million to a bank account in Wenzhou, China. In New Zealand in 2015, Bronwyn Koroheke – an extremely decorated and experienced accountant – wired $79,000 to a Hong Kong bank account. The hackers in her case were so diligent, the request landed right in her inbox and even contained a picture of her boss.
There are several activities involved in this process, to which the industry has given cute water-related terms. Since the internet is as big as it is mysterious, perhaps the ocean is a good analogy. Let’s run through how a wire might get misdirected using these terms.
The first thing the cybercriminal would need to do is to gather information about your wiring processes. This is done by setting up a “Watering Hole”, which is a website that downloads malware onto a computer that visits the site. Once this malware is on the computer the cybercriminal can monitor your activity or gather information from your computer. They do this to enough computers until they find something interesting like the person who can send wires. Another way to get this is a technique called “Phishing emails” that tries to get users to send over confidential information or open an attachment to get this malware to run on the computer.
Once the cybercriminal has the information they need, they can then send an email to impersonate the boss requesting a wire to be sent out to the criminal. This approach, a social engineering grift technique, is called “whaling” and it’s on the rise. Since the cybercriminal has access to information and the accounts, they can create a new account that looks very much like the account one normally wires to with a change in a single character in the name that could go unnoticed. So, the unsuspecting wire agent just thinks they are doing a routine wire, but instead are wiring to the cybercriminal.
Typically, the best way to avoid getting caught out is to have a verification step to ensure the email is authentic. A typical good verification could be a phone call back to the requester to confirm the destination and amount. This call back is verifying another “factor” of the request. So, the lingo in the industry would call this 2-factor authentication. If the voice is known and identifiable, then we have a 3rd factor to verify. The more checks, the more secure, but the less convenient. As with most IT security issues, one must balance convenience with security.
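One way to automate part of the check described above, as an added example that is not from the original article: a pre-payment screen that compares a requested beneficiary against the payees on file and routes near-miss names or changed account numbers to a phone call back. The payee names, account numbers, the `review_wire` function and the distance threshold of 2 are assumptions made for illustration.

```python
# Added example: flag wire requests whose beneficiary is a near-miss of a
# known payee. All payee names and account numbers are constructed samples.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalise(name: str) -> str:
    """Case-fold and collapse whitespace so formatting alone never differs."""
    return " ".join(name.casefold().split())


APPROVED_PAYEES = {  # constructed: payee name -> account number on file
    "Northwind Supplies Ltd": "0012345678",
    "Harbor Freight Logistics": "0098765432",
}


def review_wire(beneficiary: str, account: str, max_distance: int = 2) -> str:
    """Return 'approved', 'callback_required' or 'new_payee'."""
    name = normalise(beneficiary)
    distances = {known: edit_distance(name, normalise(known))
                 for known in APPROVED_PAYEES}
    closest = min(distances, key=distances.get)
    d = distances[closest]
    if d == 0:
        # Exact name: only the account number on file is accepted.
        if account == APPROVED_PAYEES[closest]:
            return "approved"
        return "callback_required"
    if d <= max_distance:
        # One or two characters off a known payee: the lookalike case.
        return "callback_required"
    # Unknown name: handled by the normal new-payee onboarding checks.
    return "new_payee"


if __name__ == "__main__":
    print(review_wire("Northwind Supplles Ltd", "0055555555"))
```

A `callback_required` result means the wire is held until someone phones the requester on a number already on file, not one taken from the email.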
The obvious solution is to have an updated version of antivirus to catch and remove the malware. This works well for existing and known malware and viruses. But it is not so effective against new viruses, also known as “Zero Day” viruses. Depending on your version of antivirus, it can be from 0% to 65% effective. So, if you have the best antivirus on the market, 35% of the Zero Day malware will go undetected.
This undetected set of viruses on the computer systems out there is a big problem, and antivirus in its current state is not the solution.
For ideas on how to address this issue further, stay tuned for our next newsletter where I talk more in depth on how to prevent unwanted eyes on your networks or feel free to contact JIG directly.
Toll Free: 1-866-615-2786