Australian businesses lost over $7 million from email scams last year, with $3.8 million reportedly stolen due to ‘Business Email Compromise’ scams. 这些骗局正在打击越来越多的澳门赌场官网企业,造成代价高昂的后果. 如何识别商业电子邮件泄露骗局?如何避免沦为其中的受害者?
What is a Business Email Compromise?
“商业电子邮件入侵”(简称“BEC”)指的是骗子入侵企业电子邮件系统,并冒充预定的付款收件人. 骗子要求更改银行账户详细信息,以便企业向骗子而不是合法企业付款.
How is a Business Email Compromise perpetrated?
- Using social media and web research, a scammer adopts the identity of a trusted supplier or employee, typically a senior manager or C-level executive. In some cases, 骗子可以通过“免费”WiFi网络获取用户名和密码, malware or exploiting a weakness in an app. 然后,他们使用被劫持的名字,加上一个“相似”的电子邮件地址和被盗的品牌形象.
- Posing as a senior staff member, 犯罪者会给目标组织的员工发电子邮件——通常是金融部门的员工, accounts payable or payroll – who has authority to pay cash, change bank details or access sensitive information. They often start by ‘grooming’ the employee to build rapport and create trust, before asking the employee to take action.
- Once the perpetrator establishes trust, 他们迫使员工要么提供一份公司的财务手册(或类似的),要么进行“紧急”电子资金转账(EFT)到特定的银行账户, or change a valid supplier or employee’s bank account.
- Once the payment is made, this money is transferred or split across other banks, 然后把钱送到海外,或者从其他毫无戒心的受害者的受损银行账户中提取(这在洗钱中很常见)。.
只有当供应商或员工意识到他们没有收到付款时,盗窃才会被发现, which can be after multiple payments. 这给了犯罪者时间来吸走资金,使恢复几乎不可能. 这通常让受害者没有追索权,只能向他们的保险公司索赔.
How businesses can mitigate these risks
这四种策略可以保护您的组织免受商业电子邮件泄露攻击的影响.
1. Educate and empower your employees
- Employee awareness – Make your employees aware of BEC scams (and their many variants). Defences can fade over time, 因此,为您的员工提供最新的培训,以建立一个持续的弹性防御,以抵御这些骗局的新变体.
- Policies and procedures – Check that your policies, procedures and controls are effective for mitigating these types of scams. 例如,任何要钱的请求都应该打电话给一个已知的电话号码. 也可以发一封后续邮件到一个已知的电子邮件地址,通知供应商或员工.
- Empowered employees -让你的员工接受他们的“直觉”,如果他们对某个要求感到不确定,就向经理咨询, even if it appears to be coming from the CEO. 这一点额外的时间是微不足道的影响相比,一个成功的骗局.
2. Secure your networks
- Good security controls – Develop and maintain controls to prevent your network being exploited. 实施缓解策略,特别是针对财务人员使用的计算机, human resources and senior executive teams.
- Two factor identification -骗子通常会试图欺骗用户向虚假网站提供电子邮件登录凭据. 这些凭据将用于登录帐户并将BEC内容发送给您的澳门赌场官网人. 使用强大的多因素认证,以防止骗子使用您的电子邮件登录详细信息.
3. Block emails coming from your own domain (spoofed)
- 实现电子邮件发件人验证控件,以防止其他人欺骗您的域名,并帮助您在技术上识别欺骗的电子邮件.
- 将电子邮件服务器配置为拒绝并非来自发件人所在组织批准的电子邮件服务器的电子邮件.
- 考虑注册与您组织的域名相似的域名(例如, 用数字(如“1”和“0”)代替公司名称中的字母(如“l”和“o”). 这将有助于防止恶意行为者使用类似的域名来欺骗来自您的业务的电子邮件.
4. Agree a Business Email Compromise incident response plan
Know how to respond if the ‘unthinkable’ occurs. It’s imperative to have a consistent incident response plan in place. 时间是至关重要的,每过一分钟,资金被追回的可能性就会降低. Organisations that may need to be contacted include:
- 您的银行和资金转到的银行,看看是否可以暂停/退还资金.
- 当地执法部门和澳门赌场官网网络犯罪在线报告网络考虑可能进行的刑事调查.
- 你所在机构的保险公司,假设你有相关的保险.
Lastly, 虽然这种骗局可能带有外部商业电子邮件妥协攻击的特征, any investigation should be conscious of the ‘Insider Threat’. 有些攻击涉及共谋或完全由工作人员或供应商实施.
Accru offers a range of audit & assurance services to help protect organisations from risk. If you would like to learn more, please contact your local advisor.
