Detect Spoofing Before Your Organisation Suffers Fraud

Uploaded on 2022-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft. 

Spoofing is cyber attack technique also known as a Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain. 

The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email. 

Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.  

Attack Methodology

The BEC attack methodology in this case was as follows: 

  • Hacker first created a spoofed account of the company’s CFO. 
  • Hacker finds the legitimate email address of someone on the finance team.
  • Hacker creates an email that looks like the CFO has forwarded, with attached instructions for wiring and  the URL in the ‘from’ address is taken from copied from the corporate slogan
  • CFO asks employee to wire money instantly 
  •  If the employee bites, money will land in the hackers’ account

In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.

Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented. “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify."

Users are  strongly recommend to implement advanced email security that relies on more than one factor to determine if an email is legitimate and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.

Email Safety Tips

Avanan advise their corporate customers to follow a checklist:

  • Always check reply-to addresses to make sure they match
  • If ever unsure about an email, ask the original sender.
  • Encourage users to ask finance before acting on invoices.
  • Read the entire email; look for any inconsistencies, misspellings or discrepancies.
  • If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.

End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out. 

You Might Also Read: 

The Frailty Of Email:

 

« Montenegro Falls Under Attack
Twitter Concealed Known Security Flaws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Celestix Networks

Celestix Networks

Celestix is a global provider of secure network solutions that enable the simple deployment of secure remote access connectivity.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

Research Institute in Trustworthy Industrial Control Systems (RITICS)

Research Institute in Trustworthy Industrial Control Systems (RITICS)

RITICS is one of three Research Institutes formed as part of the UK National Cyber Security Strategy.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

Langner

Langner

Langner is a software and consulting firm specialized in cyber security for critical infrastructure and large-scale manufacturing.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

H3Secure

H3Secure

H3 Secure focuses on Secure Data Erasure Solutions, Mobile Device Diagnostics and Information Technology Security Consulting.

CHT Security

CHT Security

CHT Security is a Managed Security Service Provider (MSSP) specialized in cyber security technologies enabling enterprises to defense against cyber threats to networks, gateways and endpoints.

CipherBlade

CipherBlade

CipherBlade specializes in blockchain forensics, data science and transaction tracking.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

Russell Reynolds Associates

Russell Reynolds Associates

Russell Reynolds Associates is a global leadership advisory and search firm with functional expertise in Digital Leadership, Data & Analytics, and Compliance.

TXOne Networks

TXOne Networks

TXOne Networks offer cybersecurity solutions to protect your industrial control systems to ensure their reliability and safety from cyberattacks.