Detect Spoofing Before Your Organisation Suffers Fraud

Uploaded on 2022-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft. 

Spoofing is cyber attack technique also known as a Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain. 

The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email. 

Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.  

Attack Methodology

The BEC attack methodology in this case was as follows: 

  • Hacker first created a spoofed account of the company’s CFO. 
  • Hacker finds the legitimate email address of someone on the finance team.
  • Hacker creates an email that looks like the CFO has forwarded, with attached instructions for wiring and  the URL in the ‘from’ address is taken from copied from the corporate slogan
  • CFO asks employee to wire money instantly 
  •  If the employee bites, money will land in the hackers’ account

In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.

Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented. “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify."

Users are  strongly recommend to implement advanced email security that relies on more than one factor to determine if an email is legitimate and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.

Email Safety Tips

Avanan advise their corporate customers to follow a checklist:

  • Always check reply-to addresses to make sure they match
  • If ever unsure about an email, ask the original sender.
  • Encourage users to ask finance before acting on invoices.
  • Read the entire email; look for any inconsistencies, misspellings or discrepancies.
  • If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.

End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out. 

You Might Also Read: 

The Frailty Of Email:

 

« Montenegro Falls Under Attack
Twitter Concealed Known Security Flaws »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

Cynexlink

Cynexlink

Cynexlink offers Managed IT Services with Security, Network, Storage & Cloud solutions for all size of business.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

Bitcrack

Bitcrack

Bitcrack Cyber Security helps your company understand and defend your threat landscape using our key experience and skills in cybersecurity, threat mitigation and risk.

KnectIQ

KnectIQ

Building Trust Environments in a Zero-Trust World. KnectIQ offers KIQAssure, an Ultra High Security Solution for Data in Flight.

Stratum Security

Stratum Security

Stratum Security is an information security consulting company that focuses on providing clear and concise risk guidance to its clients through high quality assessment services.

CyberNet Albania

CyberNet Albania

Cybernet Albania has been providing IT support and services to small businesses since 2016. We strive to eliminate your IT issues before they cause downtime and impact your operations.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

Sphinx

Sphinx

Sphinx provide advanced security consulting services and cyber solutions to federal and private industry.