Finance workers are seeing a wave of phishing attacks that send victims a link to a fake invoice that appears to come from a trusted party, according to a new threat spotlight report from security firm Barracuda Networks. These emails don't usually appear to be out of the ordinary, and guide the recipient to click on a link to an invoice. The sender's name is carefully chosen by the attackers to be someone the recipient knows and trusts.
“The message itself doesn’t seem out of the ordinary, but the included link should raise a red flag,” writes Lior Gavish, VP of content security services at Barracuda. “The entire goal for this attempt is to get the recipient to click on the link, and the criminals have done a decent job of subtly placing the link within the message.”
This is a throwback to the old invoice scams sent by direct mail. An accountant in a company would get an invoice — usually for a modest amount — and pay it without questioning it.
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user.
Many real estate professionals have become keenly aware of targeted wire fraud scams that include email impersonation tactics. A growing avenue cyber criminals are using to get highly sensitive financial data is known as spear phishing, according to Asaf Cidon, vice president of content security for Barracuda Networks, a data protection company.
SLIDESHOW - Barracuda's VP Content Security Services Asaf Cidon reviews various business units inside an organization and which employees are most at risk for spear phishing.
Artificial intelligence and machine learning can be force multipliers for under-staffed security teams needing to respond faster and more effectively to cyber threats. "For example, an AI model can automatically learn that for some companies if the CEO is using a non-corporate email address it is anomalous," says Asaf Cidon, VP of content security services at Barracuda Networks, Inc. "In other companies, it is totally normal for the CEO to use their personal email when they are communicating from their mobile device, but it would not be normal for the CFO to send emails from their personal address."
Nightly Business Report explores real-life spear phishing scams in real estate. Asaf Cidon, VP content security services at Barracuda, weighs in. Video at 23 minutes.
Buying a house is one of the most important purchases people ever make, and often one they’ve been saving for years in order to finally place their signature on the closing documents. When you think about the amount of time and effort it takes to not only find the perfect house, get an offer accepted, and ultimately make it through the signing process—the deep breath at the end is truly refreshing. But, what if that breath got delayed, or worse—never came because a cybercriminal interfered with the process and had the loan payment wired to them instead of the seller? This nightmare scenario can have substantial financial consequences for the homebuyer. They could end up losing the house, a whole lot of money, personal information, and much more.
However, cybercriminals are now taking an “enterprise” approach. Similar to B2B enterprise sales, they go after a smaller number of targets, with the goal of extracting a much greater payload with highly personalized attacks. Spear phishing attacks, which are highly targeted and leverage impersonation of an employee or a popular web service, have been on the rise, and according to the FBI, these attacks have proven to be extremely lucrative for cybercriminals.
With large-scale ransomware attacks dominating headlines this year, particularly WannaCry and Petya, businesses are responding by taking active steps to back up their data and block malware. While this is certainly important, the cost of ransomware attacks pales in comparison to the losses resulting from spear phishing scams, which have already cost companies more than $5 billion and growing, according to the FBI.