There's A Hunter In The Wild

I was speaking to a business today, and they are perplexed by the emails their employees are receiving, which seem fishy, and I said, "As in phishing?" She said, "What do you mean?" and I said there's a hunter in your midst; don't respond to or click on anything.

I received one of those UPS emails right after my post last week; funny, I didn't order anything, so I filed it under "T" for trash. Here are more "Common Attacks In The Wild"!

  • Apple: You recently requested a password reset for your Apple ID
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You’ve received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary
  • Office 365: Suspicious Activity Report
  • Squarespace: Account billing failure


People want to receive messages that are addressed to them personally, and that desire is strong. The suggestion that something is wrong or at risk also plays on the human psyche, leaving the reader feeling that he or she must act immediately to resolve the issue. These attacks are effective because they cause a person to react before thinking logically about whether the email is legitimate: every subject line in the list above is either a notice that something has already happened to your account or a document waiting for you, and each one invites a click before a check.

Till Next Time ~ Think Before You Click!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step Four And Wrap It Up!

Isolate security policy violations
For such an incident to have happened, violations of existing policy are likely to be in evidence. Conduct an internal investigation to document those violations and to rule out any collusion with the criminals.
Take the appropriate disciplinary action.

Draw up a plan to remedy security deficiencies
When the immediate consequences of the attack have been addressed and full data has been gathered about it, draw up a plan that adds both technology and staff training to prevent the same kind of incident from recurring. Be sure that strengthened staff awareness training is a vital part of this plan.

Wrap It Up!
There is no substitute for preparation when it comes to dealing with cybercriminals and the many flavors of CEO fraud. The CEO Fraud Prevention Checklist will guide you through the steps to take to harden the organization against this type of incident.

While those steps will greatly reduce the likelihood of an incursion, all it takes is one gullible or inattentive user to let the bad guys inside. In those cases where CEO fraud is being perpetrated.

In the case of both checklists, security awareness training plays an essential role in creating a human firewall around your organization. Only when users are fully aware of the many facets of phishing will they be capable of withstanding even the most sophisticated attempts at CEO fraud.

Contact my office for CEO Fraud Response Checklist.

Thank you for following this important series on CEO Fraud…Till next time..Think Before You Click!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step Three!

Action drives all business growth! The same is true of security awareness training: being proactive rather than reactive determines whether your data stays secure.

Contact your insurance company
FBI data shows that less than 4% of CEO fraud funds are recovered. Therefore, it is necessary to contact your insurance company to find out whether you are covered for the attack. While many organizations have taken out cyber-insurance, not all are covered in the event of CEO fraud. This is a grey area in insurance, and many insurers refuse to pay up. Many that have reported CEO fraud to their insurer find that this type of incident is not covered. Despite the presence of a specific cyber insurance policy, the unfortunate fact is that no hardware or software was hacked; it was the human that was hacked instead. Insurance companies draw a distinction between financial instruments and email fraud. Financial instruments can be defined as monetary contracts between parties, such as cash (currency), evidence of an ownership interest in an entity (shares), or a contractual right to receive or deliver cash (bonds). Many companies are covered in the event of a fraudulent financial instrument.

However, CEO fraud is often categorized differently. Some insurance firms regard it as purely an email fraud and not a financial instrument fraud. In other words, in many cases it is treated as a matter of internal negligence or email impersonation rather than a financial instrument matter. Read your policy's definitions before you need them, and ask your broker in writing whether social engineering or "funds transfer fraud" is an included coverage or a separate endorsement. That said, there are dozens of carriers in the market providing up to $300 million in limits. Coverage extensions have developed to include both the third-party liability and the first-party costs and expenses associated with a data breach or cyber-attack.

Next time…Action Step Four…till then “Think Before You Click”!

Tina Louise ~ ~ 888.871.6584

CEO Fraud – Action Step Two!

Action drives all business growth! The same is true of security awareness training: being proactive rather than reactive determines whether your data stays secure.

Brief the board and senior management
Call an emergency meeting to brief the board and senior management on the incident, steps taken and further actions to be carried out.

Conduct IT forensics
Have IT investigate the breach to find the attack vector. If an executive's email account has been hacked, take immediate action to recover control of it: change the password, but also revoke active sessions, tokens and app passwords (a password change does not always terminate sessions that are already signed in) and check the mailbox for forwarding or inbox rules the attacker may have left behind to keep reading mail. Don't stop there; the likelihood is that the organization has been further infiltrated and other accounts have been compromised. Have IT run the full range of detection technologies to find any malware that may be lurking, waiting to strike.

Bring in outside security specialists
If the organization was breached, that in itself highlights deficiencies in existing technology safeguards, and those deficiencies will be harder for the in-house IT team to spot. So bring in outside help to detect any area of intrusion that IT may have missed. The goal is to eliminate any and all malware that may be buried in existing systems. The bad guys are inside. The organization isn't safe until the attack vector is isolated and all traces of the attack have been eradicated. This is no easy task.

Next time..Action Step Three…till then Think Before You Click!

Tina Louise ~ ~ 888.871.6584

Part X: CEO Fraud ~ Let Them Know About The Procedures!

IT should have measures in place to block sites known to spread ransomware, keep software patches and virus signature files up to date, carry out vulnerability scanning and self-assessment using best-practice frameworks such as US-CERT or SANS Institute guidelines, and conduct regular penetration tests on WiFi and other networks to see just how easy it is to gain entry. These and many other security procedures will go a long way towards protecting your organization.

Procedures must also be developed to prevent CEO fraud. Wire transfer authorization is one scenario demanding careful attention. Set it up so that any wire transfer requires more than one authorization, as well as confirmation beyond email. Phone, or ideally face-to-face, confirmation should be included. That way, a spoofed email attack is thwarted because confirmation is done on a different channel. If by phone, only use a pre-existing number for your contact, never one given to you in the email; an attacker who controls the email also controls any number it offers.

The subject of time should also be part of the procedure. To guard against the urgency a cybercriminal injects into an email, standard procedure should call for a 24-hour waiting period before funds are transferred. This gives ample time for the necessary authorizations and side-checks for authenticity to be completed, and it removes the "it has to go out today" lever the attacker relies on.

Next week find out about ~ Cyber-Risk Planning…Think Before You Click!

Tina Louise ~ ~ 888.871.6584


Part IX: CEO Fraud ~ Policy? What Policy!

Every organization should set security policy, review it regularly for gaps, publish it, and make sure employees follow it. It should include such things as users not opening attachments or clicking on links from an unknown source, not using USB drives on office computers, password management policy (not reusing work passwords on other sites or machines, no Post-it notes on screens as password reminders), completing specific types of security training including training on security policy, and the many other details of employee and overall security diligence. Policy on WiFi access, for example, should be reviewed. Include contractors and partners as part of this if they need wireless access when on site.

Policy should also exist on wire transfers and the handling of confidential information. It should never be possible for a cybercriminal to hijack a corporate email account and convince someone to transfer a large sum immediately. Policy should limit such transactions to relatively small amounts; anything beyond that threshold must require further authorizations. Similarly, with confidential information such as IP or employee records, policy should define a chain of approvals before such information is released.
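The controls in Part IX above and Part X (a small-amount threshold with a single approver, more than one authorizer above it, confirmation on a channel other than email using a number you already hold, and a 24-hour hold) are easier to keep than to remember, so it helps to have the finance system enforce them. The Python below is an added example written for this page, not code from the original posts: the threshold, the vendor directory, the request fields and every name in it are assumptions, and it combines the two posts by requiring the out-of-band callback for every transfer and the dual approval plus hold only above the threshold.

```python
"""Wire-transfer release gate encoding the policy in Parts IX and X.

Added example for this page, not code from the original posts. The
threshold, the vendor directory and every name below are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

SINGLE_APPROVER_LIMIT = 10_000.00   # assumed "relatively small" amount (Part IX)
APPROVALS_ABOVE_LIMIT = 2           # "more than one authorization" (Part X)
HOLD_SECONDS = 24 * 60 * 60         # "24 hour waiting period" (Part X)

# Constructed vendor directory: the ONLY acceptable source of callback numbers.
# A number printed in the requesting email is never consulted.
VENDOR_DIRECTORY = {
    "tillage-example.com": "+1-555-0100",
    "leoni-example.com": "+1-555-0101",
}


@dataclass
class WireRequest:
    requester: str
    beneficiary_domain: str
    amount: float
    created_at: float                     # epoch seconds when the request was logged
    approvals: Set[str] = field(default_factory=set)
    confirmed_out_of_band: bool = False


def approve(req: WireRequest, approver: str) -> None:
    """Record an approval. The requester can never be one of the approvers."""
    if approver == req.requester:
        raise ValueError("requester cannot approve their own transfer")
    req.approvals.add(approver)


def confirm_by_phone(req: WireRequest, number_dialed: str) -> None:
    """Mark the request confirmed only if the callback used the directory number."""
    directory_number = VENDOR_DIRECTORY.get(req.beneficiary_domain)
    if directory_number is None:
        raise ValueError("beneficiary not in the vendor directory; onboard it first")
    if number_dialed != directory_number:
        raise ValueError("callback must use the directory number, not one from the email")
    req.confirmed_out_of_band = True


def release_decision(req: WireRequest, now: float) -> Tuple[bool, List[str]]:
    """Return (may_release, blocking_reasons). Every failed check is listed."""
    blocking: List[str] = []
    if not req.confirmed_out_of_band:
        blocking.append("no confirmation outside email")
    if req.amount > SINGLE_APPROVER_LIMIT:
        if len(req.approvals) < APPROVALS_ABOVE_LIMIT:
            blocking.append(
                f"need {APPROVALS_ABOVE_LIMIT} approvals, have {len(req.approvals)}")
        if now - req.created_at < HOLD_SECONDS:
            blocking.append("24-hour hold has not elapsed")
    elif not req.approvals:
        blocking.append("need 1 approval")
    return (not blocking, blocking)


if __name__ == "__main__":
    # Walk-through: an "urgent" multi-million request pushed by one person.
    req = WireRequest("finance.exec@example.com", "tillage-example.com",
                      3_000_000.0, created_at=0.0)
    approve(req, "controller@example.com")
    print(release_decision(req, now=3600.0))   # blocked: callback, approvals, hold
    confirm_by_phone(req, "+1-555-0100")
    approve(req, "treasurer@example.com")
    print(release_decision(req, now=float(HOLD_SECONDS)))   # (True, [])
```

Every blocking reason is returned rather than just the first, so the approver sees the whole list at once, and the callback helper refuses any number that is not in the directory, which is the single rule that defeats a spoofed email carrying its own "call me on this number".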

Next week find out about ~ Procedures….Think Before You Click!

Tina Louise ~ ~ 888.871.6584

Part IV: CEO Fraud ~ Who's At Risk

Welcome back! Last month we took a look at social engineering and its techniques; let's now open up the question of who is at risk. Such attacks are anything but rare. In fact, they are so successful that billions are being plundered from corporate accounts. Here are some CEO fraud examples from the last couple of years:

The City of El Paso, Texas, 2016: El Paso lost $3.1 million intended for a streetcar project to a person pretending to be a legitimate vendor. The city made two payments before discovering the scam, and recovered half of the money.

SS&C Technologies Holdings 2016: A lawsuit by Tillage Commodities Fund alleges that financial services software firm SS&C fell for an email scam that led to Chinese hackers stealing $5.9 million. Staffers inadvertently aided the criminals by helping them fix the transfer orders so the money could be transferred. The scam emails added an extra “L” to Tillage as in Tilllage and contained unusual syntax and grammatical errors. The lawsuit seeks $10 million in damages, plus punitive damages and legal fees. A spoofed email, claiming to come from the CEO, requested that accounting transfer money to a foreign account for a fake acquisition. Although the company recovered some of the funds, the CEO lost his job.

Leoni AG 2016: This cable manufacturer lost $44 million to a CEO fraud attack using emails crafted to look like legitimate payment requests from the head office in Germany, asking for the money to be sent from a subsidiary in Romania. The CFO of the Romanian operation was the victim of the scam. She was taken in by the realistic-looking emails and by the fact that the scammers had extensive knowledge of Leoni's internal procedures for approving and processing transfers. This indicates that they had penetrated the network earlier, probably through phishing emails, and had been snooping for months.

Mattel 2016: The toy manufacturer Mattel transferred $3 million to an account in China after receiving a spoofed email supposedly from the CEO. Fortunately, the finance executive who transferred the money bumped into her boss a short time later and mentioned the deal. As little time had elapsed, the bank in China still had the funds and returned them to Mattel.

Pomeroy Investment Corp 2016: Not so lucky was this firm in Troy, Michigan after it transferred almost $500,000 to a Hong Kong bank. This followed the email account of a company executive being hacked. The error was noticed eight days after it took place, and the money was long gone.
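The lure subjects in the "Common Attacks In The Wild" list near the top of this page and the Tillage/Tilllage spelling in the SS&C case are both things a mail gateway, or a script run over the mail log, can check before a human ever reads the message: does the display name claim a brand the sender address does not belong to, and is the sender domain a near-miss of a vendor you actually pay? The Python below is an added example for this page, not code from the original posts; the brand allowlist, the partner list and the From headers it inspects are constructed for illustration and are not authoritative sending domains.

```python
"""Sender checks for the lure subjects above and the Tillage/Tilllage trick.

Added example for this page, not code from the original posts. The brand
allowlist, the partner list and the sample From headers are constructed
for illustration and are not authoritative.
"""
import re
from email.utils import parseaddr
from typing import Dict, List, Set

# Constructed: brand names used in the lure subjects and the domains the real
# brand mails from (illustrative; verify against the brand's own documentation).
BRAND_DOMAINS: Dict[str, Set[str]] = {
    "apple": {"apple.com"},
    "amazon": {"amazon.com"},
    "docusign": {"docusign.com", "docusign.net"},
    "sharepoint": {"microsoft.com", "sharepointonline.com"},
    "office 365": {"microsoft.com"},
    "ziprecruiter": {"ziprecruiter.com"},
    "squarespace": {"squarespace.com"},
    "ups": {"ups.com"},
}

# Constructed: domains of the vendors and partners you actually pay.
PARTNER_DOMAINS: Set[str] = {"tillage.com", "leoni.com"}

LOOKALIKE_MAX_EDITS = 2   # assumed: a doubled letter, a swap, a dropped dot


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 'tilllage.com' vs 'tillage.com' is 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_under(domain: str, parent: str) -> bool:
    """True for the domain itself and any subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def sender_flags(from_header: str) -> List[str]:
    """Return the reasons a From header looks like impersonation (empty = none)."""
    display_name, addr = parseaddr(from_header)
    _local, at_sign, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at_sign or not domain:
        return ["no usable address in From header"]
    flags: List[str] = []
    lowered = display_name.lower()
    for brand, real_domains in BRAND_DOMAINS.items():
        # Whole-word match so "Groups" does not count as a claim to be UPS.
        claims_brand = re.search(r"\b" + re.escape(brand) + r"\b", lowered)
        if claims_brand and not any(is_under(domain, d) for d in real_domains):
            flags.append(f"display name claims {brand!r} but address is @{domain}")
    for partner in PARTNER_DOMAINS:
        if is_under(domain, partner):
            continue                      # the genuine partner, or its subdomain
        partner_label = partner.split(".")[0]
        if edit_distance(domain, partner) <= LOOKALIKE_MAX_EDITS or partner_label in domain:
            flags.append(f"@{domain} resembles partner domain {partner}")
    return flags


if __name__ == "__main__":
    SAMPLE_FROM_HEADERS = [   # constructed for this example
        "Apple Support <no-reply@apple-id-verify.example>",
        "Accounts Payable <ap@tilllage.com>",
        "Tillage Billing <billing@tillage-commodities-pay.com>",
        "DocuSign <dse@docusign.net>",
        "Tillage Commodities <invoices@tillage.com>",
    ]
    for hdr in SAMPLE_FROM_HEADERS:
        print(hdr, "->", sender_flags(hdr) or "no flags")
```

These are heuristics, not proof: a flagged message deserves the out-of-band check the procedure calls for, and an unflagged one is not thereby safe, since a genuinely compromised partner mailbox passes both tests. They complement, rather than replace, sender authentication (SPF, DKIM and DMARC) on the gateway.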

No matter the size of the company, the involvement of the CEO and open communication with staff are critical to leadership, livelihood and company success.

Next post find out ~ Risk or Reputation – Who Is a Target?.. Think Before You Click!

Tina Louise ~ ~ 888.871.6584