Common Theme Unites Successful Business Phishing Attacks

August 23, 2016 | CCG Insights

One common theme unites the most successful phishing attacks over the last year: identity deception, according to an Agari report. Opportunistic cybercriminals are tapping into the wealth of personal and behavioral data available online and using this information to spoof the identity of a trusted person or brand.

At the start of 2016, the FBI warned that it had seen a 270% increase in CEO scams in 2015. That trend continued this year. Within enterprises, scammers are convincing their victims to give away confidential information or transfer money into a fraudulent bank account by posing as a trusted business executive, often using highly targeted emails or social media messages.

Alternatively, they are looking to spread malware and compromise IT environments by tricking recipients into opening an email attachment or clicking on a link to a corrupted web page.

Agari revealed that fraudsters are increasingly targeting specific individuals with sophisticated spoofs that pretend to come from banks, government departments, and major brands. The emails often have ‘Attention’, ‘Important Notification’ or ‘Your account has been revoked’ in the subject line, and the growing reliance on email means it is becoming increasingly tricky for consumers to differentiate between fake and real communication.

Once the phisher has successfully exploited someone’s trust by posing as a senior business executive or gained access to a victim’s computing device, they have unlimited access. The attacker has numerous methods to commit fraud, install malware, seek out privileged access accounts, or obtain confidential information and valuable data.

For example, once cybercriminals harvest personal information and learn the company processes, they can target carefully selected employees with a spear phishing email designed to get access to confidential business information or transfer money into an unknown account.

Companies that have recently fallen victim to this kind of criminal fraud include:

  • Ubiquiti Networks – finance department received a fraudulent request from an impersonated employee that resulted in $46.7 million transferred to an overseas account held by external third parties.
  • Mattel – a finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly realized that it had been the victim of a fraudulent request and worked with Chinese authorities to retrieve the money.

In recent months, most ransomware has arrived via attachments in emails. Ransomware’s efficiency hinges on two factors: tricking people into clicking on malicious content and banking on them not having advanced threat protection.

On both the enterprise and consumer side, ransomware is a steadily growing form of malware that effectively holds a user’s device or files at electronic gunpoint. Ransomware infects a machine and renders it unusable until the infected user pays the ransom to either unlock the computer or decrypt the data. Attacks vary in severity and often use scare tactics, deadlines and intimidation to trick victims into paying up.

To counter the threat of this attack, organizations must introduce policies that ensure that no one person or single email can authorize transactions. Instead, there needs to be a mixture of communication channels verifying any request for confidential or financial information.