Email schemes still a threat. Do you have phishing protection?

A $46.7 million business email compromise scheme that targeted Ubiquiti Networks, Inc. shows just how little cybercriminals have to do to fool employees into unknowingly committing wire fraud.

Ubiquiti, a wireless networking technology provider, announced that it had been targeted by an email impersonation scheme that convinced employees in its finance department to fraudulently schedule wire transfers to overseas accounts.

This case is a classic example of emerging business email compromise attacks, which federal authorities in June warned were expected to cause fraudulent losses of more than $1 billion before the end of 2015.

Business email compromise schemes, also known as “masquerading” attacks, are based on social engineering, not key loggers such as Zeus that were used in wire fraud schemes of the recent past. Many criminals have figured out that technical attacks are not needed, simply doing a good job of social engineering, to convince the finance department. Money is sent to the criminals using standard controls and protocols.

The New Wire Fraud
In many phishing schemes an organization’s accounting department receives a fraudulent email from one of the company’s C-level executives requesting an urgent wire transfer. The email fools the employee who receives it because it appears to be coming from the executive when it is actually coming from a criminal. The criminals hide their identities by taking over the executive’s corporate email account or by sending the email request from a spoofed domain that closely resembles the corporate email domain. Due to the urgency of the request, the employee is fooled into skipping standard protocols for confirming wires with a phone call or in-person follow-up before sending the money out. These attacks do not require advanced technology, which makes them harder to spot and track.

These phishing attacks continue to be an issue for a number of banks and other financial entities. Proper training and protocols can prevent a successful phishing attack in almost every case. If you’d like to learn more about how ITPAC’s phishing prevention tools can help you protect your bank, call ITPAC today.