Over the last few months the general public has been repeatedly targeted by callers claiming to be from Microsoft IT. This practice is known as “Voice Phishing” or “Vishing”: callers impersonate legitimate companies in order to steal money or personal/corporate financial information.
In this instance the purpose of the call is to gain access to your workstations, which the caller claims are full of viruses. This is not a new scam and is usually targeted at residential phone numbers. The caller is said to have a foreign accent, and it was noted that there was a significant delay in their responses, suggesting that they are calling from another region.
If you suspect you are talking to one of these scammers or are suspicious that the person you are talking to is running a scam:
• Record the incoming number, time and date of the call.
• Do not give them any information about your operations, network or devices.
• Suggest that they ring your IT support person.
• End the call as soon as possible.
Please note that Microsoft does not make unsolicited phone calls to help you fix your computer.
This is a story about a highly successful phishing scam which was later named the ‘fake president incident’. This scam is an example of a BEC (Business Email Compromise) attack, more commonly referred to as ‘CEO fraud’.
In a ‘CEO fraud’ attack, attackers impersonate an executive or finance official inside a company in order to trick the victim into transferring a large amount of money from the company’s accounts to accounts controlled by the attackers. The fraudsters will typically spoof the domain name of the target company and ask the victim to make an ‘urgent’ transaction.
The victim of this scam was a company called FACC, an Austrian-based aerospace parts manufacturer.
FACC suffered a cyber-attack in which NZ$78 million was stolen, and it later fired its then CEO.
The attack was in the form of a phishing email. The email sender details were faked to make it look as though it was coming from the CFO (Chief Financial Officer) of FACC. The request in the (fake) email was for multiple large payments to be made for an ‘acquisition project’. These payments were to be made to various accounts in Slovakia and Asia. This email was sent to a team member of FACC.
Since FACC did not have any security protocols in place for such a request, the transfer was put through. The company was able to stop a transfer of NZ$13 million; however, by that time it was already too late – NZ$78 million had already been transferred.
This phishing attack is a good example of what is now known as a BEC (Business Email Compromise) attack, more commonly referred to as ‘CEO fraud’. The attackers’ email impersonated the CFO (Chief Financial Officer) of that company. The domain name of the company was spoofed as well.
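The attack described above relies on a sender address that only looks like the company’s own, a familiar executive name in the display name, and urgent, secretive payment language. The following is an added example (not code from the original article and not related to FACC’s actual systems) of how a mail gateway or finance-mailbox filter could flag such a message for out-of-band verification. The organisation domain, executive names and the sample message are constructed assumptions for the illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed example message: headers and body are made up for this
# illustration and do not reproduce the actual email used against FACC.
SAMPLE_EMAIL = """\
From: "Jane Doe, CFO" <jane.doe@examp1e-corp.com>
Reply-To: payments.desk@mail-relay.example
To: accounts@example-corp.com
Subject: URGENT - confidential acquisition payment

Please process the attached wire transfers today for the acquisition project.
This is strictly confidential; do not discuss with anyone until it is complete.
"""

ORG_DOMAIN = "example-corp.com"                # assumed: the organisation's real domain
EXECUTIVE_NAMES = {"jane doe", "john smith"}   # assumed: names fraudsters are likely to impersonate
URGENCY_WORDS = ("urgent", "immediately", "today", "confidential", "wire", "transfer", "payment")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e-corp.com vs example-corp.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def assess_payment_request(raw: str, org_domain: str = ORG_DOMAIN) -> dict:
    """Return the BEC indicators found in a raw RFC 822 message and a handling verdict."""
    msg = email.message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()

    findings = []
    # 1. Sender domain is not ours: a near match is the classic lookalike registration.
    if from_domain and from_domain != org_domain:
        if edit_distance(from_domain, org_domain) <= 2:
            findings.append(f"lookalike sender domain: {from_domain}")
        else:
            findings.append(f"external sender domain: {from_domain}")
    # 2. Display name claims to be an executive while the address is outside the organisation.
    name_core = re.sub(r"[^a-z ]", "", display_name.lower().split(",")[0]).strip()
    if name_core in EXECUTIVE_NAMES and from_domain != org_domain:
        findings.append(f"executive name '{display_name}' used on non-corporate address")
    # 3. Replies are silently redirected to a third domain the victim would not notice.
    if reply_domain and reply_domain not in (from_domain, org_domain):
        findings.append(f"Reply-To points to a different domain: {reply_domain}")
    # 4. Urgency and secrecy language around a payment.
    hits = sorted({w for w in URGENCY_WORDS if w in text})
    if len(hits) >= 3:
        findings.append("urgency/secrecy language: " + ", ".join(hits))

    high = any(f.startswith(("lookalike", "executive", "Reply-To")) for f in findings)
    return {"findings": findings,
            "verdict": "hold for out-of-band verification" if high else "normal review"}


if __name__ == "__main__":
    result = assess_payment_request(SAMPLE_EMAIL)
    for finding in result["findings"]:
        print("-", finding)
    print("verdict:", result["verdict"])
```

The verdict string is deliberately a workflow instruction rather than a block: the point of such a check is to force the callback-style verification discussed later, not to decide on its own that a payment is fraudulent.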
Despite there being no evidence that the CEO and CFO were involved in the attack, this incident resulted in the CEO at the time being fired from his job. The CFO was also later released from his role.
By targeting a successful company, the attackers stood to make large financial gains in the event that they successfully duped a member of the company that had the ability to transfer money.
How Can We Avoid this Scam?
In order to avoid this scam, all unusual payment requests should be verified out of band, by calling the sender on a phone number already known to be correct (not one taken from the email) and confirming that the email request is legitimate.
‘CEO Fraud’ is becoming increasingly popular with sophisticated organised cyber criminals. Statistics compiled by the FBI show that the CEO Fraud phishing scam cost American businesses US$246 million in 2015 alone. However, that number is likely well below the actual monetary losses, as it only represents losses that were reported to the FBI. Many companies don’t report these kinds of crimes, as they don’t want the information to become public.