What the attack is, how the attack appears and how to defend against it.
Australian authorities (ourselves included) have seen a sharp rise in ‘Imposter’ phishing scams (also known as Business Email Compromise scams or spear-phishing) over the past few weeks.
These scams usually involve sending an email disguised as coming directly from the CEO, owner or another person of authority within the company. The email contains a request for sensitive information or for a sizeable payment to be made to an account, often that of an overseas supplier, customer or partner.
The appearance of the attack
These scams are particularly strategic for a number of reasons: they often strike during tax season and target organisations with multiple office locations and/or suppliers overseas.
These attacks normally work as follows: an employee receives an email from a company leader, early in the morning or during a busy period. The email carries either the company email footer signature or a ‘sent via iPhone’ message to make it appear legitimate.
The person the email is supposedly from is either away from the office or overseas on a work trip and only loosely contactable. The email is written in an urgent tone, requesting that a payment be made to a supplier/partner account immediately (along with the new account details the payment is to be made into). Sometimes the victims are asked to ignore protocol and keep the request to themselves because it is highly confidential.
The criminals behind these attacks spend a fair amount of time preparing, usually following the company on social media and paying special attention to its website. The information they are looking for is often easily available online: the company directors, partners, suppliers and ongoing projects. All of it is helpful in preparing the scam.
Sometimes the scammers go as far as calling the business, pretending to be recruiters seeking information on the managers and other employees they intend to impersonate.
Many businesses and their staff also post actively on social channels about their events and activities. Overseas business trips, major projects and other highlights are all useful pieces of information for cybercriminals preparing an attack.
How individuals can defend against an attack
Unfortunately, technology is still trying to keep up with this style of spear-phishing. Because the scammers register email addresses similar to the company's and the content of the email is very ordinary, spam filters have a hard time picking these out and flagging the email as malicious, although they do often raise some alarm in standard email defence software.
As a result, many of these spear-phishing attacks make it through to their intended target, and it is left to the individual receiving the email to recognise that they are being attacked.
The best thing you can do if you receive an email you believe to be malicious is to call or notify the person the attacker is impersonating. Once confirmed, alert the rest of the organisation to the attempted attack and delete the email.
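To show what the "recognise it yourself" step can look like when partly automated, here is an added example (not code from the original post or from Emerging IT) in Python. It scores one inbound message against the indicators described above under ‘The appearance of the attack’ (an executive's display name on an address that is not theirs, a sender domain that is a near-copy of the company's, urgency, a request for secrecy, new bank details and the mobile footer) and recommends holding the message for the call-back verification the post advises. The company domain, the executive directory, the two sample emails and the hold threshold are all constructed assumptions; the Reply-To mismatch check is a common extra indicator that the post itself does not mention.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions (constructed for this example): the defending organisation's
# domain and a directory of the leaders most likely to be impersonated.
COMPANY_DOMAIN = "example-company.com.au"
EXECUTIVES = {"jane citizen": "jane.citizen@example-company.com.au"}

# Content indicators drawn from the post's description of the attack.
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
CONFIDENTIAL = re.compile(r"\b(confidential|keep this (to yourself|between us))\b", re.I)
PAYMENT = re.compile(r"\b(payment|wire|transfer|bank details|account (number|details)|bsb)\b", re.I)
MOBILE_FOOTER = re.compile(r"sent (from|via) (my )?iphone", re.I)

HOLD_THRESHOLD = 2  # assumption: tune to the organisation's tolerance


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(domain: str) -> bool:
    """True for a domain that is close to, but not equal to, the company's own."""
    domain = domain.lower()
    return domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2


def score_message(raw: str) -> dict:
    """Return the indicators found in one RFC 5322 message and a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"] or ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    text = f"{msg['Subject'] or ''}\n{body}"

    indicators = []
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        indicators.append("display-name impersonation")
    if is_lookalike_domain(sender_domain):
        indicators.append("lookalike domain")
    _, reply_addr = parseaddr(str(msg["Reply-To"] or ""))
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != sender_domain:
        indicators.append("reply-to domain mismatch")  # extra check, not from the post
    if URGENCY.search(text):
        indicators.append("urgency")
    if CONFIDENTIAL.search(text):
        indicators.append("secrecy request")
    if PAYMENT.search(text):
        indicators.append("payment or bank-detail request")
    if MOBILE_FOOTER.search(body):
        indicators.append("mobile footer")

    verdict = "hold for call-back verification" if len(indicators) >= HOLD_THRESHOLD else "deliver"
    return {"indicators": indicators, "verdict": verdict}


# Constructed sample messages. Note the sender domain "cornpany" (r+n) imitating "company".
SUSPICIOUS = "\n".join([
    "From: Jane Citizen <jane.citizen@example-cornpany.com.au>",
    "To: accounts@example-company.com.au",
    "Subject: Urgent supplier payment",
    "",
    "Hi, I'm travelling and hard to reach. Please make the payment to our supplier immediately",
    "using the new bank details below and keep this confidential until I'm back.",
    "",
    "Sent from my iPhone",
])

LEGIT = "\n".join([
    "From: Jane Citizen <jane.citizen@example-company.com.au>",
    "To: accounts@example-company.com.au",
    "Subject: Q3 budget review",
    "",
    "Please send me the Q3 budget figures when you get a chance.",
])

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("legitimate", LEGIT)):
        print(label, score_message(sample))
```

The heuristic is deliberately simple: a single content indicator on its own (an urgent subject line, say) is normal business traffic, so the verdict only flips to "hold" once several indicators line up, and the hold action is the same call-back the post recommends rather than an automatic block.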
How organisations can defend themselves
Organisations can best prepare their employees for these attacks by making them aware of how the attacks work and by emphasising that proper procedures must always be followed when payment requests or requests for sensitive information come through.
Always be suspicious when sensitive information or a payment request from a company boss is sent via email. Be equally vigilant about the same requests coming from suppliers, partners or contractors.
For example, if an email comes through from a supplier with different banking details or a payment request, always call them directly to confirm it first.
If you are concerned about the state of your email security or wish to know more about our security options, please feel free to get in contact us via 1300 133 966 or email us via sales@emergingIT.com.au.