Learn from this $1 million email scam.
Welcome to Cyber Security Today. It’s Monday December 9th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
There have been many news reports about businesses losing big money by trusting email communications. In the usual scam, a criminal hacks an executive’s email, poses as the official and tells the victim company to change the bank account money is usually wired to. That way the money goes to an account controlled by the criminal. Security company Check Point Software reports a recent sophisticated case where the hacker went further to deceive and got away with $1 million.
Here’s how it worked: A Chinese venture capital company announced earlier this year it was investing in an Israeli startup. The attacker then hacked one of the companies so it could see their email communications. The hacker also created two email accounts that closely mimicked the email domains of each company by adding the letter “s” to the name. So, for example, if the Israeli company was Howard.com, the fake email account was Howards.com. And if the Chinese company was Beijing.com, the fake email account was Beijings.com. Executives didn’t spot the difference. The result was the hacker could intercept messages between the two companies, change the content and send messages between them through the fake email accounts. At one point officials from both companies were to meet in Shanghai. The attacker sent an email to both firms saying they couldn’t make the meeting for different reasons. If that meeting had gone ahead the scam would likely have been exposed. The two companies only realized something was wrong when the Chinese company’s bank said something was wrong with its wire transfer, and the Israeli company realized it didn’t get its $1 million. This case shows how sophisticated attackers are becoming.
Check Point says there are a number of lessons: One of the most important is that if your company is part of a wire transfer of money, make sure there’s an independent way of verifying transactions. That means not using a phone number included in a recent email, because the phone number could be phony. Companies also need to buy a tool or a service to check for registered look-alike email and company names that are used for scams. Staff involved in financial transactions have to be trained to watch carefully for email scams. And to help forensic investigations, make sure your firm keeps logs for at least six months. If your firm uses a cloud email provider, can you get logs? If not, think about changing providers.
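The look-alike check can also be run on incoming mail before anyone acts on a payment request. The following Python is an added example, not code from Check Point or this podcast: it flags From and Reply-To domains that sit within a small edit distance of a trusted partner domain. The domain list, the threshold and the sample message are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative partner domains, not real companies.
TRUSTED = {"howard.com", "beijing.com"}
MAX_DISTANCE = 2  # assumption: how close counts as a look-alike

def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # swapped neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def imitated_domain(sender_domain: str, trusted=TRUSTED):
    """Return the trusted domain this one resembles, or None."""
    d = sender_domain.lower().rstrip(".")
    if d in trusted:
        return None  # exact match is the real partner
    for t in sorted(trusted):
        if edit_distance(d, t) <= MAX_DISTANCE:
            return t
    return None

def check_message(raw: str):
    """Return (header, domain, imitated domain) for each suspicious header."""
    msg = message_from_string(raw)
    hits = []
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        domain = addr.rpartition("@")[2]
        target = imitated_domain(domain)
        if target:
            hits.append((header, domain, target))
    return hits

# Constructed sample message, not taken from the incident.
SAMPLE = (
    "From: CFO <cfo@howards.com>\n"
    "Reply-To: cfo@howards.com\n"
    "Subject: Updated wire instructions\n\nPlease use the new account.\n"
)
```

A hit is a reason to verify the request through the independent channel described above, not proof of fraud; very short trusted domains will need a lower threshold to avoid false matches.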
In law enforcement news, European police said last week they seized over 30,000 Internet domain names that distributed counterfeit and pirated items. These included counterfeit pharmaceuticals, pirated movies, illegal television streaming, music, software and other bogus products. Three suspects were arrested. Meanwhile the U.S. Justice Department and the United Kingdom laid criminal charges against two Russian men accused of hacking and bank fraud schemes through malware going back 10 years. The U.S. is offering a reward of up to $5 million for information leading to their arrest.
Finally, there are a lot of holiday sales going on. If your PC is still running Windows 7, a new computer or new version of Windows should be on your list. Microsoft will stop putting out security patches for Win 7 on January 14th. If your PC can take it, upgrade to Windows 10. If not, time for a new machine.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.