Cyber criminals adapt to deceive

Issue 6 2021 Cyber Security

Cybercriminals are constantly adapting their approach to deceive their targets and increase their success rate. There is a new trend developing that speaks directly to this phenomenon, it is an adapted version to completing a successful change of bank details fraud.

Many people have seen and encountered the standard approach to change of bank details fraud, also known as invoice fraud. This is where an attacker pretends to be a supplier, they create fake change of bank details letters and email the accounts department to get bank details updated.

The attack method is nothing new, but the execution has simply evolved. The end game is the same, to steal your money; but the criminal syndicate now uses the fact that most people are working from home to target their prey with a more personal approach.

The cybercriminal uses the telephone and identifies themselves as the supplier’s finance contact person. The call is friendly, includes some small talk, pandemic discussions and is made to sound unique, right down to using the correct accent.

The cyber attacker informs your team that they’re changing banks and asks about the process to do so. They then confirm the details and send this via email. As this is expected, your finance team has a higher likelihood of being tricked and falling for it.

The cybercriminal often uses messaging apps like WhatsApp and Signal to confirm the details have been sent and will then call back again a short while later to confirm receipt of the details and to answer any questions or concerns.

This adaptation has been necessitated to get around the usual verification process in place at a business. The attacker does their own verification with your finance team, increasing their success rate exponentially. There have been different versions and differing levels of sophistication in these attacks, including highly targeted attacks where the cybercriminals have spoofed the supplier’s telephone numbers.

Awareness is key, making your end users aware of changing methods and bedding down your processes will help and is part of our drive for cyber resilience. Externally you should be using every possible method to secure yourself and your reputation.

Implementing DMARC standards can protect your brand from being impersonated, maintaining open communication and a managed user awareness training programme will help your people identify attacks before they lead to compromise and having total visibility with associated controls will deliver the cyber resilience you need to stay secured.

More importantly, a layered, comprehensive and practical cyber resilience programme is an absolute necessity. Cybersecurity requires resilience, resilience requires visibility.

For more information contact J2 Software, +27 11 794 1096, john@j2.co.za, www.j2.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Intelligently adapting African cities for a better as well as a safer life
Government and Parastatal (Industry) Cyber Security
Smart buildings and cities therefore require as much a security-centric approach as they do an environmentally sustainable one.

Read more...
Smart city, smarter security
Government and Parastatal (Industry) Cyber Security
Henk Olivier, MD of Ozone Information Technology Distribution, unpacks the importance of smart and secure in the city of the future.

Read more...
Cybersecurity for the board of directors
Editor's Choice Cyber Security
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Read more...
Make connected home security as easy as plugging in a router
Cyber Security IT infrastructure
Service providers can now deploy gateway security services for the entire home in weeks, not months.

Read more...
Changing cybersecurity in South Africa
News Cyber Security
NEC XON plans to change cybersecurity solutions in South Africa, helping customers balance risk management and cybersecurity investment, transform capex to opex and automate activities to reduce costs through managed security services.

Read more...
Cybersecurity for operational technology: Part 3
Cyber Security Industrial (Industry)
According to a recent World Economic Report, the Covid-19 pandemic has increased our reliance on the global supply chain, while the Internet has accelerated the digitisation of business processes.

Read more...
App-less authentication offers business, security benefits
Cyber Security
GSM authentication offers an app-less, truly out-of-band, secondary factor that is both low friction and simple to implement for companies looking to protect all customers against fraud.

Read more...
Cloud can cut your security risks
Cyber Security
Todd Schoeman, BT client business director in South Africa, explores the ways that organisations can reduce security risk by using the cloud.

Read more...
Combating fraud in the digital world with the support of AI
Cyber Security
With technology evolving and people embracing the likes of mobile wallets, banking apps and other solutions to manage transactions, businesses must rethink how best to bolster anti-fraud mechanisms.

Read more...
Enhancing the security of your applications
Cyber Security
Craig de Lucchi, Veracode account director, expands on common obstacles in AppSec programmes and the power of collective learning.

Read more...