16 September 2019
Issue 2019.2
www.ciosofindia.com

SECURITY GYAN-BYTES IS PUBLISHED BY CIOs Of India EVERY THIRD MONDAY OF THE MONTH

Dear Name,

One of the most common calls the CIO community makes to security experts goes like this: someone tricked our finance team over email, and they paid a large sum of money to a fraudster because the email appeared to come from our management; or a vendor paid money into a different account because they received a fake invoice that appeared to come from us. In this article I'll shed some light on this subject and share how to protect your organization.

SPAM emails have always been a problem for businesses around the world; the menace of mass SPAM emails in the early 2000s was brought under control by the evolution of technology and matured SPAM filtering solutions.

But guess what: the spammers have also evolved and have figured out a way to extort money using SPAM emails. The spammers build a profile of your company: they conduct recon, identify the senior management team, and get details about the CEO/MD/CFO of the organisation. They identify who has the authority to handle finance. They can easily get all this information from your company website or from LinkedIn. The attack cycle is very simple:

They craft a fake email, going from the CEO/MD of the company to the CFO/Finance head, that asks for a certain money transfer. A sample email may look like the snapshot below.

AWARENESS

Awareness of cyber risks, the current state of attacks and how they affect businesses must be shared with all employees at regular intervals. Examples of CEO fraud emails and the process hackers use should be shared with senior management and anyone who deals with finance. If at all possible, any change in a pre-approved finance process (like changing the account number or ad hoc transfers) should be validated by a phone call.
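
Alongside awareness, a mail gateway or mailbox rule can flag the impersonation pattern described above: a senior manager's name on a message that does not come from the company's own domain. The sketch below is an added example, not part of the original newsletter; the company domain, the executive names, the keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: use your own domain and management roster.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"asha rao", "vikram mehta"}  # constructed CEO/MD and CFO names
PAYMENT_WORDS = ("transfer", "payment", "invoice", "account number")

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Asha Rao <ceo.office@example.net>
To: vikram.mehta@example.com
Subject: Urgent transfer

Please process this today and confirm once it is done.
"""
GENUINE = """\
From: Asha Rao <asha.rao@example.com>
To: vikram.mehta@example.com
Subject: Board meeting agenda

Agenda attached for Friday.
"""


def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def ceo_fraud_flags(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    flags = []
    # Display name is a known executive but the address is not ours.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        flags.append("executive display name on an external address")
    # Replies would be routed to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        flags.append("Reply-To domain differs from From domain")
    # Payment wording alone is normal business mail; it only adds weight.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if flags and any(word in text for word in PAYMENT_WORDS):
        flags.append("asks for a payment or account change")
    return flags
```

A flagged message is a candidate for the phone-call validation described above, not proof of fraud; a message that passes these checks can still be fraudulent.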
