Cyber criminals adapt to deceive
Cybercriminals are constantly adapting their approach to deceive their targets and increase their success rate. There is a new trend developing that speaks directly to this phenomenon, it is an adapted version to completing a successful change of bank details fraud.
Many people have seen and encountered the standard approach to change of bank details fraud, also known as invoice fraud. This is where an attacker pretends to be a supplier, they create fake change of bank details letters and email the accounts department to get bank details updated.
The attack method is nothing new, but the execution has simply evolved. The end game is the same, to steal your money; but the criminal syndicate now uses the fact that most people are working from home to target their prey with a more personal approach.
The cybercriminal uses the telephone and identifies themselves as the supplier’s finance contact person. The call is friendly, includes some small talk, pandemic discussions and is made to sound unique, right down to using the correct accent.
The cyber attacker informs your team that they’re changing banks and asks about the process to do so. They then confirm the details and send this via email. As this is expected, your finance team has a higher likelihood of being tricked and falling for it.
The cybercriminal often uses messaging apps like WhatsApp and Signal to confirm the details have been sent and will then call back again a short while later to confirm receipt of the details and to answer any questions or concerns.
This adaptation has been necessitated to get around the usual verification process in place at a business. The attacker does their own verification with your finance team, increasing their success rate exponentially. There have been different versions and differing levels of sophistication in these attacks, including highly targeted attacks where the cybercriminals have spoofed the supplier’s telephone numbers.
Awareness is key, making your end users aware of changing methods and bedding down your processes will help and is part of our drive for cyber resilience. Externally you should be using every possible method to secure yourself and your reputation.
Implementing DMARC standards can protect your brand from being impersonated, maintaining open communication and a managed user awareness training programme will help your people identify attacks before they lead to compromise and having total visibility with associated controls will deliver the cyber resilience you need to stay secured.
More importantly, a layered, comprehensive and practical cyber resilience programme is an absolute necessity. Cybersecurity requires resilience, resilience requires visibility.