The Sophisticated Hacker

If you were an accountant and you received an email – signed, dated and company sealed – from you boss telling you to transfer a certain amount of money, you probably wouldn’t be too weary. It’s likely that any concerns at all would be eradicated if the email was followed up by a corresponding phone conversation.

Unfortunately, you may have just fell victim to a new, sophisticated form of hacker and your company money could be swinging itself across the globe into a hacker’s bank account.

BEC

The new, different kind of phishing attack is known as a “business email compromise”, or BEC for short. You won’t be told that you’ve won a millions pounds and you have to send your bank details to claim your prize or that your bank needs your details to set up an innocuous transfer – a BEC isn’t that obvious. A BEC will impersonate someone within your business, with seemingly legitimate email accounts, signatures and information.

Imitation

The aim of the BEC game is imitation. The scam works so well because it’s exceptionally believable and the end result of a long road of preparation. Before any email is sent, the hacker will infiltrate and observe company emails so that they know who is likely to correspond with one another, what roles people do and who is likely to be in charge of money transfers. They can see how these people speak, what words they use and lot and can make themselves sound seamlessly like the person they’re imitating.

They use malware take control of and intercept the email server in order to pretend to be a specific employee so that their email appears legitimate and trustworthy. The malware is so sophisticated that they can hack into an email thread and change previous bank details to be even more convincing.

The Answer?

As hacker’s get more sophisticated, we need to get smarter. There’s no simple solution other than making sure your email is the safest it can be and that you’re double checking all payments and transfers with your usual point of contact. A thirty second phone call could save your business thousands.

And don’t be afraid to give us a call on 01493 334800 if you need to know more.

© 2018 CSSCloud Ltd.

Web Design by FurtherMore Marketing Ltd.

CSSCloud Ltd. is a company registered in England and Wales 10773055 | VAT Registration number: GB 271 0938 07