Make sure you pay the CEO

Over the last month the J2 Software team have noticed an increase in an evolved method of change-of-bank-details, or payment, fraud. While this might sound like old news, it now involves the CEO more directly.

Traditional payment fraud has been rife for some time: the cyber criminal impersonates the CEO, or other senior members of staff, to convince the finance department to either make an urgent payment to a new supplier or update a supplier's bank details. The change of bank details fraud uses fake banking confirmation letters and the trust of finance people to update an existing supplier’s details. The growing number of successful attacks has proven to be very costly to businesses of all sizes. Owing to this, many businesses have now implemented stronger verification processes for supplier bank details changes, which means that the criminals have had to change their approach and tactics.

This trend involves an internal change of bank details, mostly for the CEO. The cyber criminal impersonates the CEO by using an external email address, claiming that it is their private email address, and requests that their bank details for payroll are updated. These requests all use similar wording and are usually sent a week before payroll, to stress the urgency. Because staff want to make sure that they pay their CEO, many of these changes have been successful. The finance or HR team update the details and the cyber criminal is paid, after which they rapidly get the money out before anybody notices.


Cyber Criminals Adapt to Deceive

Cyber criminals constantly adapt their approach to deceive their targets and increase their success rate. The J2 cyber security team have seen a new trend developing that speaks directly to this phenomenon.

Our team have been involved in several investigations in the last few weeks and uncovered an adapted approach to completing a successful change of bank details fraud. The attack method is not new; the execution has simply evolved.

Many people have seen and encountered the standard approach to change of bank details fraud, also known as invoice fraud, where an attacker pretends to be one of your suppliers, creates fake change of bank details letters, emails the accounts department to get bank details updated, and then makes off with your hard-earned cash…


Beware of the Post Office Scams

We have recently seen an increase in these types of cyber attacks. The cyber criminal bypasses your email security by using a trusted service and website (in this example they use Survey Monkey, with a free account). The email is made to look like a notification from the South African Post Office. This tells the user that they have a parcel for delivery, which requires a payment to be delivered.


Escape from SOC1 Alcatraz – Part 1

This article is aimed primarily at those security operation center operatives who believe they are ready to move to a higher tier in their work but find themselves imprisoned in entry level roles. Alcatraz was a legendary prison encircled by guards, a cold sea, and hungry sharks. It was terribly boring to live there, and difficult to leave.

My purpose in writing this is two-fold: firstly, to help you identify if you are a tier 1 thinker, and secondly, to offer some suggestions on how you might elevate yourself into a more desirable role. I’m breaking up this article into two parts. This first article is the reality check. The second article will suggest some tangible learning paths and provide practical examples, texts, blogs and/or training pathways.

Let me preface this article by making the point that a marine biologist at Alcatraz would have a quality of life that is far higher than other prisoners. They have an opportunity to grapple with sharks directly. The best marine biologist would dispense with dreaming of access to labs and spend their time with basic tools, taking notes and classifying type, studying behavioral anomalies, and preparing texts to publish.

‘Not every prisoner is a marine biologist’. To this I respond, “Every prisoner in Alcatraz had the opportunity to become one.” Some of you are working in second languages, come from backgrounds where your exposure to computers at home was limited or non-existent, or face other challenges.

You can be great at what you do, overcome your limitations, and achieve your goals, but it requires time, energy, and commitment. It requires more than doing one thing well and ticking boxes.


Attack on credit bureau exposes 24 million South Africans' personal details


By Cybersecurity expert and J2 Software CEO John Mc Loughlin

South Africans now have another thing to worry about: their personal information has been lost to a fraudster who has gained access to 24 million people’s information. The information in question is the exact detail required to access banking information, access accounts and steal identities. The exact end game is not clear, but the possibilities are endless.

The initial hype around Experian mentioned they had been hacked and data was stolen. With additional detail it seems that none of the systems were breached and the personal information of 24 million South Africans was lost due to an internal failure.


Copyright © 2019 J2 Software