[ad_1]

When we receive an email asking us to make a transfer, it is always best to be extremely careful. Even if the email seems to come from our manager, because the risk of it being a scam is very high.

This is what happened to employees of a major sports organization (unspecified), who suffered an attempted type attack Business E-Mail Compromise. Researchers from Avanan, a subsidiary by Check Point Softwarethey explained the attack in detail, also providing a series of tips on how to avoid falling into the trap of cybercriminals.

I’m your CFO – make this transfer immediately

Who would dare to contradict the order of their superior, especially when it comes to one of the most important figures in the company, as in the case of the CFO? Few, certainly. But before we do what we ask, it would be better to make sure that it is really him, and not an impostor.

BEC1

What happened to a major sports club makes us think about how easy it can be to set up a BEC (Business E-Mail Compromise) computer scam without having any technical skills. The criminals simply created a bogus email account through which they impersonated the CFO of the company, then sent emails to the employees of the accounting department asking them to make a transfer as soon as possible, following the instructions contained in the email.

Bec22

Since it was a transfer to West Band Mutual, a real existing insurance company, the request was not so absurd. What the victims did not do, however, was to verify the correctness of the e-mail address and, above all, not to contact their superior, perhaps by telephone, for confirmation. Some some email clients, for example Gmail, report when the email address does not match the one displayed, but not all: for this reason, in case of doubts it is always better to check.

The best approach, in general, is the good old Trust No One, do not trust anyone and, in case sensitive data are requested, such as passwords or tokens, or to make transfers, always better contact the person who requested them for a verify. This is also true if we receive phone calls with similar requests: it would not be the first time that attackers exploit deep fake vowels to convince unsuspecting employees to make wire transfers.

.

[ad_2]

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *