Home > Uncategorized > Forget Complex Hacking

Forget Complex Hacking

Companies Have Lost $3 Billion Falling for a Simple Email Scheme

by Tyler Durden

Zero Hedge (June 15 2016)

It turns out that hackers don’t need to break into SWIFT transactions at big banks {1} or even the Federal Reserve {2} in order to get funds wired to their accounts.

Cyber criminals just need to create fake email accounts and send an email to the right employee at a business and accomplish the same result with a lot less effort.

As the FT reports {3}, more than 22,000 businesses have been hit by a scam known as “business email compromise”, which entails a hacker mimicking an email of a CEO, lawyer, or another executive that gets sent to a lower level employee ordering that employee to wire money to an overseas account. By the time most organizations realize that the email was bogus, the cash has usually been transferred and is long gone.

What occurs, is an email that closely resembles an official corporate email, maybe misspelling the name very slightly, gets sent to lower level employees – who apparently think to themselves that the CEO emails everyday employees asking for a favor which includes immediately sending a wire through to an overseas bank account happens all the time – and the employee quickly jumps to get the transaction submitted.

Between October 2013 and May 2016, $3 billion in actual and attempted losses have occurred as a result of this scam. Of the $3 billion, about $960 million came from 14,000 victims in the US according to the FT {3}.

Mitchell Thompson, head of the financial cyber crimes task force in the FBI’s New York office said that more than 600 complaints of this activity have landed on his desk just over the past few months.

In addition to the email scam, the FBI also warned that there is a rise in ransomware, which is estimated to have resulted in losses of more than $50 million since 2005. In a ransomware attack, criminals gain control of a computer or network and encrypt the data. In order to unfreeze the network, the criminals demand a ransom, usually in bitcoin.

“There is a business model in some respects for criminals because they perceive it to be lucrative. This threat is something that is continually evolving.” said Richard Jacobs, assistant special agent in charge of the cyber branch in the FBI’s New York bureau.

Of course there is a business model for criminals to do this, if internal controls at firms are so weak that employees rush out a wire payment to an overseas bank account that they truly believe came from a CEO or other executive, then criminals will extort that all day long. After all, why go through the trouble of hacking the Federal Reserve and SWIFT if all one has to do is send an email to an over eager employee with no internal controls to follow.

Links:

{1} http://www.zerohedge.com/news/2016-05-20/little-known-lawsuit-exposes-yet-another-major-cyberheist-secure-global-payments-sys

{2} http://www.zerohedge.com/news/2016-06-01/fed-was-hacked-more-50-times-between-2011-and-2015

{3} https://next.ft.com/content/17f9976c-3253-11e6-ad39-3fee5ffe5b5b

http://www.zerohedge.com/news/2016-06-15/forget-complex-hacking-companies-have-lost-3-billion-falling-simple-email-scheme

Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: