Cyber CrimeJan. 19, 2016, 11:00am
Cyber Crime – a ‘Phishing Plague’!
In recent weeks I have been told, albeit anecdotally, of 4 attempts to “phish” money from client business and personal accounts!!
Several of these cases were similar in their scenario, for instance a fraudulent e-mail addressed to an individual within the organisation with authority to originate bank payments. The e-mail requested money to be paid immediately to a specified account. The e-mail itself purported to have originated from a trusted individual (usually a “Director”), but on closer inspection the e-mail address mimicked that of the Director with small variances in the organisations domain name, for instance organisation.co.uk became organisations.co.uk. Such a subtle difference being easy to overlook.
In one case, the e-mail recipient responded to the initial request only to receive an e-mail by reply confirming that the Director being impersonated was “stuck in a meeting”, and the e-mail re-enforced the request to make the urgent transfer of funds. A phone call to the Directors mobile, went unanswered supporting the contention that they were “in a meeting”, because they were!
Incredibly worryingly, one case seemed to imply that the fraudsters had “real time” access to communications and were mimicking business and personal traits in order to perpetrate the crime.
A case you may have come across and which has received media coverage of, is an elderly couple who received a phone call from “Microsoft” to attempt to solve a problem someone was having with their computer. This is conceivable – everyone has problems with their computer!
In this case, the elderly couple had a 2 hour conversation (yes 2 hours!) with the fraudsters who after gaining their confidence, attempted to gain access to their computer remotely to “fix” the problem. The fraud wasn’t successful as the couple didn’t use online banking! The elderly couple offered the fraudsters a cheque since they had no other way of paying bills!
Scuppered by old “technology”!
Seriously though, this is “bloody” serious!
It is happening to normal small/medium size businesses and to people who are no “mugs”.
Doing the basics, as Detective Sergeant Martin Wilson of the NE Regional Cyber Crime Unit says will help. As in house burglaries, not leaving a window open to invite thieves in is a starter.
So up to date virus and firewall software is a must; changing passwords regularly; having secondary methods of verification; not allowing one person sole authority over a bank account; not making payments in an “emergency” etc etc are essential (Don’t use this as a definitive list; you need tailored advice!)
At a Bank of England Briefing I recently attended Oliver Bailey the new Head of Finance/conduct Authority FCA) said that Cyber Crime is a growing problem and a major risk to global business.