Hackers have found a new way to steal from companies and it has more to do with people than it does technology. Millions of dollars have been reported stolen from large corporations and they are handing it over themselves!
This is how the scam works…
Hackers will target the leaders of the company, usually the CEO and the CFO, using public available information. The attackers with find out the inner workings of the company and learn the policies for financial transactions. They make a domain name as similar to the name of the company as possible, LUTHERCORP.ca vs. LUTHERRC0RP.ca, and send an email to the CFO from that false domain.
The email will claim to be from the CEO asking for a large sum of money to be wired to an account. The email will often be full long business conversations with other company executives to make it seem real and will be marked as urgent. Making it urgent often bypasses many of the regular security steps in wiring money. Once the money has been sent, there is no getting it back.
How can I protect my company?
- Have a multi-step system for withdrawing money that involves more than 1 person within the company
- Open up communication within the company so that people know it’s okay to ask questions
- Establish a physical or verbal signature for withdraw so that the entire transaction isn’t online
This scam shows the biggest security flaw in a company is internal. Targeting high ranking members allows them to skip past any and all security measures that you may have in place.
For more information on hacking tactics so that you can keep your company safe, contact Sydney Technology Solutions at (02) 8212 4722 or [email protected]. We provide managed IT services wherein we handle all of your technology needs.