Detect Spoofing Before Your Organisation Suffers Fraud

Uploaded on 2022-08-29 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft. 

Spoofing is cyber attack technique also known as a Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain. 

The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email. 

Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.  

Attack Methodology

The BEC attack methodology in this case was as follows: 

  • Hacker first created a spoofed account of the company’s CFO. 
  • Hacker finds the legitimate email address of someone on the finance team.
  • Hacker creates an email that looks like the CFO has forwarded, with attached instructions for wiring and  the URL in the ‘from’ address is taken from copied from the corporate slogan
  • CFO asks employee to wire money instantly 
  •  If the employee bites, money will land in the hackers’ account

In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.

Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented. “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify."

Users are  strongly recommend to implement advanced email security that relies on more than one factor to determine if an email is legitimate and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.

Email Safety Tips

Avanan advise their corporate customers to follow a checklist:

  • Always check reply-to addresses to make sure they match
  • If ever unsure about an email, ask the original sender.
  • Encourage users to ask finance before acting on invoices.
  • Read the entire email; look for any inconsistencies, misspellings or discrepancies.
  • If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.

End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out. 

You Might Also Read: 

The Frailty Of Email:

 

« Montenegro Falls Under Attack
Twitter Concealed Known Security Flaws »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Acuity RM Group

Acuity RM Group

Acuity RM Group helps businesses worldwide effectively manage, prioritize and report on their risks to inform strategic and tactical decision-making and build long-term resilience.

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

iLand

iLand

iland is a global cloud service provider of secure and compliant hosting for infrastructure (IaaS), disaster recovery (DRaaS), and backup as a service (BaaS).

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

LeadingIT

LeadingIT

Leading IT provides IT support, cloud computing, email support, cybersecurity, networking and firewall services to Chicagoland businesses.

META-Cyber

META-Cyber

META-cyber was founded by engineers with experience in process and control-protection to provide cyber security for industrial infrastructure.

Ultima

Ultima

Ultima are on a mission to help businesses unlock their true potential by using the right IT to protect your company’s revenue and reputation – 24/7.

DerSecur

DerSecur

DerSecur has been engaged in advanced technology activities in the field of Application Security since 2011. We offer R&D technology solutions in the field of SAST, DAST and SCA analysis.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.

Lupasafe

Lupasafe

Lupasafe is a software for businesses to see IT risks and insights, and provide vital training for employees.

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.