Over the last two years we have seen waves of e-mails, being sent out to millions of mailboxes, impersonating people or companies that we know and trust. If you expect an e-mail from the company or person impersonated, you might end up with a bullet wound. Most users have swiftly ignored these e-mails as they have been made generic, and for most of us, seemed untrustworthy. However, tricksters have found that sometimes they hit the bulls-eye.
Over the last couple of years there has been an increase in occurrences and most companies worldwide have had encounters with opening e-mails that have resulted in data getting locked, that can only be retained by paying a fee. This attack is often referred to as ransomware - a normal problem both for governments, private companies, our children and grandmothers.
Trust is gone, and skepticism online is not only healthy, but required. Train your spouse, kids and your employees to maneuver the web securely. Detect scams and prevent losing valuable assets that matters to you, says Henrik Skandsen, Cloud Portfolio Manager, Cegal.
Seeing these attempts, Cegal have focused on improving our technical solutions, staff training and awareness, and ransomware have become less of a problem. However, as we adapt and improve so does the criminals, eager to fund their next attack. Criminal organizations have seen that wide spread, generic attacks are stopped by filters or healthy user skepticism and found that unique messages have better hit rates, and with the more information they have about their victims, the more accuracy and hit rate they achieve. These custom messages are called spear phishing and they target a much smaller group of recipients. One of these categories are called CxO frauds.
Chief “something” officers are often referred to CxOs and have been targeted the last couple of years. Criminals know that people with these titles are often openly exposed on the internet, and the contact details are often easily obtainable. By checking a company’s website, criminals can determine all key stakeholders in the management group and is so fourth able to craft e-mails impersonating the fellow managers. A typical approach is that the CEO is impersonated, sending an e-mail to the CFO, asking for financial details or providing fraudulent account numbers. These attacks have been present for years but is still growing in number of attacks, and the attackers are always getting more creative.
Where is the trust
Trust is gone, and this is evident for everyone using the Internet. Either if it is your grandmother who got a free anti-virus upgrade, or your child who tried to download a free game, it gets evident. Trust is gone, and skepticism online is not only healthy, but required. Train your spouse, kids and your employees to maneuver the web securely. Detect scams and prevent losing valuable assets that matters to you.
Cegal recommends installing tools to prevent these frauds, and to train your personnel. Users are your most vulnerable attack surface, and attackers utilize this in new and smarter ways. Phishing campaigns are a valuable tool to create awareness among your personnel, and train them to protect your assets.
Contact your sales representative in Cegal, or email@example.com, to get started with training your staff to dodge bullets.
Photo by rawpixel on Unsplash