Just got lucky again

One of the biggest cases of business email compromise fraud occurred back in July this year. A company from Singapore fell victim to the perfidious fraud scheme. The company received a questionable email purporting to come from a supplier. It asked for an outstanding payment to be transferred to a new bank account. Nobody noticed that the email address was slightly different from the supplier's official address. As a result, 42.3 million US dollars were transferred to the fraudulent account. The scam only came to light four days later, when the real supplier contacted the company to remind them of the payment. The company reacted immediately and called the police, who called in Interpol. Within a few days, 39 million dollars were frozen in the fraudster's account. In addition, further investigations led to the arrest of seven suspects and the return of a further 2 million US dollars to the victim company.

Refined

CEO fraud, also known as Business Email Compromise (BEC), is an increasingly sophisticated form of financial fraud. Hackers gain access to executives' email accounts or imitate their identity in order to deliberately deceive employees and get them to make transfers to fake accounts. 

Typical procedure

The typical process looks something like this: The perpetrators first gain access to an email account of an executive, e.g. the managing director or CFO. They then send a message from this account to employees in accounting or financial administration, requesting an urgent transfer to a new account. In doing so, they imitate the writing style and habits of the manager concerned in order to feign the authenticity of the request. Sometimes, as in the example of the company from Singapore, the email addresses used differ only slightly from the official addresses.

Raising awareness helps

All employees need to be made aware of this. Our partner KnowBe4 Germany offers automated security awareness programs that help to prevent this from happening.

Stay one step ahead of cyber threats with the DEFENDERBOX: strengthen your company's resistance to hacker attacks.

Would you like to know how secure your company is? Find out with a test installation!
