Phishing in Action: True Stories of Security Scares
So many people hear about stories of phishing attacks or scams online and think that something like that would happen to them. Read more on real-life Phishing horror stories.
“I know a scam when I see one.”
“This isn’t my first day online. I know what to look out for.”
“I grew up with technology. Those attacks are only geared towards old people who don’t know how to use computers.”
Things like this are said far too often when organizations want to discuss cybersecurity. However, the chance of falling prey to a cyber attack is much more likely than many realize.
Attacks are becoming more advanced, and there are entire black markets based around helping people attack networks.
However, not all attacks are complex software attacks. Sometimes all it takes is a little social engineering, and a sneaky email to get someone to make a mistake.
Our team at Intelligent Technical Solutions heard of a situation exactly like this that almost cost an organization a lot of money.
A new CFO starts a job at a new company. He is in his first week when he receives an email from what looks like the CEO’s email. The “CEO” is asking this new manager to transfer some money from one account to another.
This CFO looks at the email and doesn’t suspect anything. After all, the email is from the CEO and this is his job. He wants to do well in his first week so without thinking he prepares to send the money.
However, what the CFO doesn’t know is that he is not communicating with the actual CEO. Instead, an attacker has taken the CEO’s email and transposed two letters in a way that most people will not notice.
For example, would you notice a difference between these two if you weren’t really looking?
It can be so easy to transpose something like that and steal an email signature from someone to make the message look real.
What most likely happened is that some attackers saw that this person started a new job as CFO of some organization. This person is an easy target and ripe for a cyber attack.
Had this person sent the money over there would be no way to recover it. The attacker would be off free with their money and that person might lose their job.
Luckily, right when all of this was happening, the CEO walked into the CFO’s office just to catch up. The CFO explained to a very confused CEO that he or she was about to send the money over right now.
Obviously, the CEO was able to help resolve the confusion, and no money was lost. But this just goes to show how easy it can be to fall for a simple tactic.
Follow our guide on cyber safety tips for every employee to help everyone work safer online.