Cyber Criminals Adapt to Deceive

Cyber criminals constantly adapt their approach to deceive their targets and increase their success rate. The J2 cyber security team have seen a new trend developing that speaks directly to this phenomenon.

Our team have been involved in several investigations in the last few weeks and uncovered an adapted approach to completing a successful change of bank details fraud. The attack method is not new, the execution has simply evolved.

Many people have seen and encountered the standard approach to change of bank details fraud, also known as Invoice fraud, where an attacker pretends to be one of your suppliers, creates fake change of bank details letters and emails the accounts department to get bank details updated and then makes off with your heard earned cash…

The end game is the same, to steal your money but the criminal syndicate now uses the fact that most people are working from home to target their prey with a more personal approach. The cyber-criminal uses the telephone and identifies them as the supplier’s finance contact person. The call is friendly, includes some small talk, pandemic discussions and is made to sound unique, right down to using the correct accent. The cyber attacker informs your team that they’re changing banks and asks about the process to do so. They then confirm the details and send this via email. 

As this is expected, your finance team has a higher likelihood of being tricked and falling for it.

The cyber-criminal often uses messaging apps, like WhatsApp or Signal, to confirm the details have been sent and will then call back again a short while later to confirm receipt of the details and to answer any questions or concerns.

This adaptation has been necessitated to get around the usual verification process in place at a business. The attacker does their own verification with your finance team, increasing their success rate exponentially.

There have been different versions and differing levels of sophistication in these attacks, including highly targeted attacks where the cyber criminals have spoofed the supplier’s telephone numbers.

Awareness is key, making your end users aware of changing methods and bedding down your processes will help and is part of our drive for cyber resilience. Externally you should be using every possible method to secure yourself and your reputation.

Implementing DMARC standards can protect your brand from being impersonated, maintaining open communication and a managed user awareness training program will help your people identify attacks before they lead to compromise and having total visibility with associated controls will deliver the cyber resilience you need to stay secured.

A layered, comprehensive and practical cyber resilience program is an absolute necessity. Cyber security requires resilience, resilience requires visibility.

We can help you and your customers.

JM