Part III: CEO Fraud ~ Social Engineering

Social Engineering: All of these techniques fall under the broader category of social engineering. This innocuous-sounding label originally meant the application of sociological principles to specific social problems.

But within a security context, it has come to signify the use of psychological manipulation to trick people into divulging confidential information or providing access to funds. The art of social engineering might include mining information from social media sites. LinkedIn, Facebook and other venues provide a wealth of information about organizational personnel.

This can include their contact information, connections, friends, ongoing business deals and more. Unfortunately, these scams have a high rate of success. The Verizon 2016 Data Breach Investigations Report revealed a shocking 30% of recipients open phishing messages and 12% click on attachments.

Many of these breaches happen within two minutes of receipt. That means IT has little chance of catching this malicious traffic before it hits inboxes. While phishing emails may not directly lead to CEO fraud, they are the top avenue of entry for malware and spyware into the enterprise.

Once inside, cybercriminals can bide their time casing out the financial connections and interactions within the company. They eventually learn enough to spring a convincing BEC attack, usually posing as a company executive or accounts personnel. They can sit unobserved for months while they study the key individuals and protocols necessary to perform wire transfers within that business environment.

The FBI identifies five main scenarios by which this scam is perpetrated:

  • Business working with a foreign supplier: This scam takes advantage of a long-standing wire-transfer relationship with a supplier, but asks for the funds to be sent to a different account.
  • Business receiving or initiating a wire transfer request: By compromising the email accounts of top executives, another employee receives a message to transfer funds somewhere, or a financial institution receives a request from the company to send funds to another account. These requests appear genuine as they come from the correct email address.
  • Business contacts receiving fraudulent correspondence: By taking over an employee’s email account and sending invoices out to company suppliers, money is transferred to bogus accounts.
  • Executive and attorney impersonation: The fraudsters pretend to be lawyers or executives dealing with confidential and time-sensitive matters.
  • Data theft: Fraudulent e-mails request either all wage or tax statement (W-2) forms or a company list of personally identifiable information (PII). These come from compromised and/or spoofed executive email accounts and are sent to the HR department, accounts or auditing departments.

In the next post, find out who is at risk, and while you're waiting with bated breath, remember: Think Before You Click!

Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584

 

Part II: What Is Known About CEO Fraud

These attacks can be initiated by any of the following methods, alone or in combination:

Phishing: Phishing emails are sent to large numbers of users simultaneously in an attempt to “fish” sensitive information by posing as reputable sources—often with legitimate-looking logos attached. Banks, credit card providers, delivery firms, law enforcement, and the IRS are a few of the common ones. A phishing campaign typically shoots out emails to huge numbers of users. Most of them go to people who don’t use that bank, for example, but by sheer weight of numbers, these emails arrive at a certain percentage of likely candidates.

Spear Phishing: This is a much more focused form of phishing. The cybercriminal has either studied up on the group or has gleaned data from social media sites to con users. The email generally goes to one person or a small group of people who use that bank or service. Some form of personalization is included, perhaps the person’s name or the name of a client.

Executive “Whaling”: Here, the bad guys target top executives and administrators, typically to siphon off money from accounts or steal confidential data. Personalization and detailed knowledge of the executive and the business are the hallmarks of this type of fraud.

In our next blog we will cover Social Engineering and how the above techniques fall under the broader category of social engineering.

We are excited to launch our new website, www.cloudplusservices.com. We have a new look and hope you enjoy it and possibly share it with your friends and partners.

Remember…Think Before You Click!

Tina Louise ~ www.cloudplusservices.com  888.871.6584

 

 

Part I: Understanding CEO Fraud

What is CEO Fraud? The FBI calls it Business Email Compromise and defines BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.

The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”

CEO fraud is another name for this scam, and it usually involves tricking someone into making a large wire transfer into what turns out to be a bogus account. On a few occasions, however, checks are used instead of wire transfers. According to recent FBI reports, estimated losses in the last year have hit 2.3 billion dollars.

Most victims are in the US (all 50 states), but companies in 100 other countries have also reported incidents. While the fraudulent transfers have been sent to 79 countries, most end up in China and Hong Kong. Unless the fraud is spotted within 24 hours, the chances of recovery are small.

That’s why only 4% of the funds are ever retrieved. Certainly, large enterprises are a lucrative target. But small businesses are just as likely to be the mark. Other than being a business that engages in wire transfers, there is no discernible pattern in terms of a focus on a particular sector or type of business. The bad guys don’t discriminate!

Next week: the methods by which CEO attacks are initiated ~ Think Before You Click!

Tina Louise ~ www.cloudplusservices.com ~ 888.871.6584

Pay Attention, CEO: You're a Target!

Over the next several weeks I am going to dedicate my posts to all C-level executives and the importance of keeping your eye on the ball, and that ball is your company and financial future.

These CEO Fraud Prevention posts will provide a thorough overview of how to deal with this exponentially growing wave of cybercrime. I will explain how top executives in Finance are hoodwinked, how companies are compromised, how millions are siphoned off by criminals, and fiduciary responsibilities. I will cover how to prevent such an attack as well as what to do if you become the latest victim. This includes checklists of the key steps.

What is CEO Fraud? It’s ruined the careers of many executives and loyal employees. Successful CEOs have been fired because of it. Stock prices have collapsed. IPOs and mergers have been taken off the table. The FBI reports that this type of cybercrime, known as CEO fraud or Business Email Compromise (BEC), has victimized more than 22,000 organizations worldwide and is responsible for losses of more than $3 billion.

Despite these statistics, cyber-risk management remains a blind spot for most C-level executives. Yet any company, led by its CEO, must quickly learn to integrate these skills and technologies into day-to-day operations or face the consequences. I am a firm believer that “Knowledge Is Power”. You grew your companies with late nights and hard work, so do not allow the bad guys to steal your brand and reputation.

 

Next week I will dive in with the topic of “Understanding CEO Fraud”, till then...

Think Before You Click!

Tina Louise Penn     www.cloudplusservices.com    888.413.9186

 

Unusual Ransomware Strain Encrypts Cloud Email?  

OK, not just yet: this type of ransomware strain is not in the wild at the moment. But what if a message in your cloud-based email appeared to be a call to action? It is a smart social engineering tactic that tricks the user into giving the bad guys access to their cloud email account, with the ruse of a “new Microsoft anti-spam service”.

Once your employee clicks “accept” to use this service, it’s game over: all email and attachments are encrypted in real time! The ransomcloud attack will work for any cloud email provider that allows an application to take control over the email via OAuth. With Google it will work if you get the app past their verification process. Outlook365 doesn’t verify the app at this point, so it’s much easier.
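The defensive counterpart of the consent trick described above is a regular review of which third-party apps hold mailbox scopes. The following is an added example, not part of the original post: the record layout is an assumed simplification of a consent-grant export, and every app, user and grant in it is constructed.

```python
# Added example: triage delegated OAuth consent grants for mailbox control.
# The record layout is an assumption; all sample grants are constructed.
MAIL_WRITE = {  # scopes that let an app rewrite or delete mail
    "Mail.ReadWrite", "Mail.ReadWrite.Shared",        # Microsoft Graph
    "https://mail.google.com/",                        # Gmail, full access
    "https://www.googleapis.com/auth/gmail.modify",
}
MAIL_READ = {"Mail.Read", "Mail.Read.Shared",
             "https://www.googleapis.com/auth/gmail.readonly"}

def assess_grant(grant):
    """Return (severity, reasons) for a mail-related grant, else None."""
    scopes = set(grant["scope"].split())      # scopes are space-delimited
    writes = bool(scopes & MAIL_WRITE)
    if not writes and not scopes & MAIL_READ:
        return None
    reasons = ["can rewrite or delete mail" if writes else "can read mail"]
    if "offline_access" in scopes:
        reasons.append("refresh token: access continues without the user")
    if not grant["publisher_verified"]:
        reasons.append("publisher not verified")
    if writes and not grant["publisher_verified"]:
        severity = "high"                     # the pattern the post describes
    elif writes or not grant["publisher_verified"]:
        severity = "medium"
    else:
        severity = "low"
    return severity, reasons

def audit(grants):
    """List (app, user, severity, reasons), most severe first."""
    findings = []
    for g in grants:
        result = assess_grant(g)
        if result:
            findings.append((g["app"], g["user"], *result))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[2]])

SAMPLE_GRANTS = [  # constructed
    {"app": "Team Calendar", "user": "bob@example.com",
     "publisher_verified": True, "scope": "Calendars.Read User.Read"},
    {"app": "CRM Connector", "user": "carol@example.com",
     "publisher_verified": True, "scope": "Mail.Read User.Read"},
    {"app": "New Anti-Spam Service", "user": "alice@example.com",
     "publisher_verified": False, "scope": "Mail.ReadWrite offline_access"},
    {"app": "Mail Archiver", "user": "dave@example.com",
     "publisher_verified": True, "scope": "https://mail.google.com/"},
]

if __name__ == "__main__":
    for app, user, severity, reasons in audit(SAMPLE_GRANTS):
        print(f"{severity:6} {app} ({user}): {'; '.join(reasons)}")
```

A "high" finding is a grant to revoke and investigate first; the severity rules are a starting point to tune, not a standard.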

“Stop, Look and Think before you click on any link in an email that could potentially give the bad guys access to your data.” Please watch the video so you can get an idea of what is pending in the darkness, so you're prepared and protected.

Ransomcloud Demo

This year, be watchful: we are all at risk, and what is on the horizon is going to impact your business and personal finances. For more information and training, give my team a call for a consultation. Think Before You Click!

Tina Louise Penn    www.cloudplusservices.com    888.871.6584

Take Action Now ~ CCleaner Hacked!

If you have downloaded or updated the CCleaner application on your computer between August 15 and September 12 of this year from its official website, then pay attention—your computer has been compromised.

CCleaner is a popular application with over 2 billion downloads, created by Piriform and recently acquired by Avast, that allows users to clean up their system to optimize and enhance performance.

Security researchers from Cisco Talos discovered that the download servers used by Avast to let users download the application were compromised by some unknown hackers, who replaced the original version of the software with the malicious one and distributed it to millions of users for around a month.

This incident is yet another example of supply chain attack. Earlier this year, update servers of a Ukrainian company called MeDoc were also compromised in the same way to distribute the Petya ransomware, which wreaked havoc worldwide.

Avast and Piriform have both confirmed that the Windows 32-bit version of CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 were affected by the malware.

Detected on 13 September, the malicious version of CCleaner contains a multi-stage malware payload that steals data from infected computers and sends it to the attacker’s remote command-and-control servers.

The malicious software was programmed to collect a large amount of user data, including:

  • Computer name
  • List of installed software, including Windows updates
  • List of all running processes
  • IP and MAC addresses
  • Additional information like whether the process is running with admin privileges and whether it is a 64-bit system.

How to Remove Malware From Your PC

According to the Talos researchers, around 5 million people download CCleaner (or Crap Cleaner) each week, which indicates that more than 20 million people could have been infected with the malicious version of the app.

“The impact of this attack could be severe given the extremely high number of systems possibly affected. CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week,” Talos said.

However, Piriform estimated that up to 3 percent of its users (up to 2.27 million people) were affected by the malicious installation.

Affected users are strongly recommended to update their CCleaner software to version 5.34 or higher, in order to protect their computers from being compromised. Take action and reach out to your IT department or local PC store for assistance, and always do your research when signing up for or downloading anything into your network…Think Before You Click!
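For an IT team applying that advice across many machines, the check can be run over a software inventory. This is an added example, not from the original article: the CSV layout, host names and the unaffected version numbers are constructed, while the affected builds and the 5.34 threshold are the ones named above.

```python
# Added example: flag hosts running the builds named in the post.
# Inventory layout and all sample rows are constructed for illustration.
import csv
import io

# Affected builds as named in the post above.
AFFECTED = {("ccleaner", (5, 33, 6162)), ("ccleaner cloud", (1, 7, 3191))}
FIXED_CCLEANER = (5, 34)   # the post recommends 5.34 or higher

def parse_version(text):
    """'v5.33.6162' -> (5, 33, 6162); '1.07.3191' -> (1, 7, 3191)."""
    return tuple(int(p) for p in text.strip().lstrip("vV").split("."))

def classify(product, version):
    """Return 'affected', 'update', 'review' or 'ok' for one row."""
    name = product.strip().lower()
    if name not in {"ccleaner", "ccleaner cloud"}:
        return "ok"                  # other software is out of scope here
    try:
        ver = parse_version(version)
    except ValueError:
        return "review"              # unreadable version: check by hand
    # The post names the 32-bit build; architecture is deliberately not
    # used to clear a host, that decision is left to the responder.
    if (name, ver) in AFFECTED:
        return "affected"
    if name == "ccleaner" and ver < FIXED_CCLEANER:
        return "update"
    return "ok"

def triage(inventory_csv):
    """Map host -> verdict for every row that needs action."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    verdicts = {r["host"]: classify(r["product"], r["version"]) for r in rows}
    return {host: v for host, v in verdicts.items() if v != "ok"}

SAMPLE_INVENTORY = """\
host,product,version
WS-014,CCleaner,5.33.6162
WS-022,CCleaner,5.32.6129
WS-031,CCleaner,5.34.6207
SRV-002,CCleaner Cloud,1.07.3191
WS-040,7-Zip,16.04
"""

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(host, verdict)
```

Hosts marked "affected" ran a build the post says carried the payload, so they warrant more than an upgrade; "update" hosts are simply below 5.34.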

Contribution: TheHackernews.com   

Call To Action In The Link – Equifax!

No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases

Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers

September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit http://www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time. Contribution – Equifax.

Think Before You Click!