It won’t happen to me – until it does. And right now it’s happening to a lot of Australian finance personnel.
Analysis by Trend Micro reveals that the Director of Finance has emerged as the preferred target for cyber criminals in targeted email attacks. In fact, all of the top five targets for what are described as ‘business email compromise’ attacks are in the finance team, with the director of finance most vulnerable, followed by the finance manager, accountant, CFO and finance controller.
It’s the day to day managers of finances who are now considered most vulnerable to business email compromise or “whaling”.
A step up from so called email “phishing” attacks, “whaling” targets employees higher up the food chain hoping the rewards will be bigger. But not too high – the CFO might be more likely to hop on the phone and quiz the CEO about exactly why he or she needs a transfer of $100,000 than someone lower down the finance food chain.
Australia and the US endured the highest number of such scam attempts, according to Trend Micro’s recent analysis.
Whaling often relies on scammers researching the profiles of executives (security experts describe this as “spear” phishing because of the highly targeted attack it allows) before sending a well-crafted and specific email. According to Trend Micro’s research, in most cases the cyber attackers masquerade as the CEO or managing director and send an email telling the recipient to do something.
In some cases employees have been tricked into releasing funds or sensitive information, and such attacks have cost global businesses more than $US5.3 billion, according to the FBI, which tracks reported cases of such attacks in 131 countries worldwide.
Where the bogus email does not ask for money to be transferred to an account or for data to be released, it might arrive with an attachment, or link to a website.
When the unsuspecting recipient opens the attachment or clicks on the link, malware is loaded onto the machine, or ransomware is deployed, which can lock up a company’s computer system unless a ransom is paid.
Often the only alternative to paying in the latter case is to rebuild the computer systems from backups – assuming the company has them.
According to Trend Micro the number of business email compromises soared 106 per cent between the first and second halves of 2017. “This growth continues in 2018 reaching nearly 4,000 scams in the first quarter alone. So far for 2018 we continuously see almost 1,000 BEC scams per month.”
According to Australia’s Computer Emergency Response Team, CERT: “Individuals with a large amount of personal or corporate information online are easy targets. Adversaries use carefully tailored attempts to appeal to a target by using their personal and professional circumstances and social networks. In this way, targets of spear phishing emails are duped into opening malicious attachments and links.
“Adversaries also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft spear phishing emails, and use sophisticated malware to evade detection.”
It recommends individuals:
- Are careful about what they share online, both personally and professionally;
- Don’t click on links or download attachments unless certain the email is legitimate. If in doubt, manually type the address into a browser rather than clicking on a link;
- Trust your instincts – if something seems odd – phone to check it was actually sent by the person identified as the sender in the email; and
- Report suspicious emails to IT security.
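As an added illustration (not part of this article, nor Trend Micro’s or CERT’s material), the following mail-filter check looks for the CEO-impersonation pattern described above: an executive’s display name on a message sent from an address that executive does not use, a Reply-To that diverts answers elsewhere, and payment-request wording in the body. The executive directory, domain, keyword list and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical executive directory: display name -> the only mailbox that
# executive sends from. In practice this comes from the HR/IT directory.
EXECUTIVES = {"jane smith": "jane.smith@example.com"}

# Constructed list of phrases typical of a funds-transfer request.
PAYMENT_PATTERNS = re.compile(
    r"\b(wire|transfer|payment|invoice|bank details|account number)\b", re.I)


def bec_indicators(raw_message: str) -> list[str]:
    """Return the reasons an inbound message looks like executive impersonation.

    An empty list means none of the checks fired; it does not prove the mail
    is genuine, which is why CERT's advice to phone the sender still applies.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    _, reply_address = parseaddr(msg.get("Reply-To", ""))
    reasons = []

    # 1. Executive's name on the From line, but not the executive's mailbox.
    expected = EXECUTIVES.get(display.strip().lower())
    if expected is not None and address.lower() != expected:
        reasons.append(f"display name '{display}' is an executive but sender is {address}")

    # 2. Replies are steered to a different address than the one shown.
    if reply_address and reply_address.lower() != address.lower():
        reasons.append(f"Reply-To {reply_address} differs from From {address}")

    # 3. The body asks for money to move (the usual goal of a BEC email).
    if msg.is_multipart():
        body = " ".join(p.get_payload() for p in msg.walk()
                        if p.get_content_type() == "text/plain")
    else:
        body = msg.get_payload()
    found = sorted({m.lower() for m in PAYMENT_PATTERNS.findall(body)})
    if found:
        reasons.append(f"payment-request wording: {', '.join(found)}")
    return reasons


# Constructed sample of the kind of message the article describes.
SAMPLE = """\
From: Jane Smith <jane.smith.ceo@mail-example.net>
Reply-To: Jane Smith <ceo.office@mail-example.net>
To: finance@example.com
Subject: Urgent payment today

Please process a wire transfer of $100,000 before 3pm. I am in a meeting,
so email only. Thanks, Jane
"""

if __name__ == "__main__":
    for reason in bec_indicators(SAMPLE):
        print("FLAG:", reason)
```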