Detect Spoofing Before Your Organisation Suffers Fraud
Researchers at Avanan, a Check Point Software company, have detected and blocked a cyber attack that spoofed the CFO of a major sports organisation in a failed attempt at theft.
Spoofing is cyber attack technique also known as a Business Email Compromise (BEC) fraud, where cyber criminals impersonate organisational supervisors for financial gain.
The attackers tried to trick a lower-level finance employee into sending funds to an alleged insurance company by passing themselves off as the CFO in a seemingly legitimate email.
Avanan researchers warn that these cyber attacks are becoming more common, playing on people’s desires to perform well for their boss. The spoofed CFO requested a wire to be sent to what appears to be an insurance company. Avanan Research was able to block the cyber attack.
Attack Methodology
The BEC attack methodology in this case was as follows:
- Hacker first created a spoofed account of the company’s CFO.
- Hacker finds the legitimate email address of someone on the finance team.
- Hacker creates an email that looks like the CFO has forwarded, with attached instructions for wiring and the URL in the ‘from’ address is taken from copied from the corporate slogan
- CFO asks employee to wire money instantly
- If the employee bites, money will land in the hackers’ account
In this case the fake message was detected by the “reply-to” address at the top of the email differing from the company’s email address. That was the only thing that alerted the end-user that something was wrong.
Little information is known about the attackers, except that they have struck more than once. Jeremy Fuchs of Avanan commented. “We discovered an attack that spoofs the CFO of a major sports organisation. The spoofed CFO asks a lower level finance employee to send a wire transfer to what appears to be an insurance company. Instead, it would go straight to the hacker. In this case, we were able to successfully block the attack... These ‘business email compromise’ attacks are incredibly popular, difficult to stop and tough to identify."
Users are strongly recommend to implement advanced email security that relies on more than one factor to determine if an email is legitimate and recipients should be sure to read the entire email before acting, looking for any discrepancies and inconsistencies.
Email Safety Tips
Avanan advise their corporate customers to follow a checklist:
- Always check reply-to addresses to make sure they match
- If ever unsure about an email, ask the original sender.
- Encourage users to ask finance before acting on invoices.
- Read the entire email; look for any inconsistencies, misspellings or discrepancies.
- If using banners, be sure to not bombard end-users with them; only use at critical times so that end-users take them seriously.
End users should always exercise caution before paying invoices. It’s best to confirm directly with the CFO before paying out.
You Might Also Read:
