Cyber criminals are constantly adapting their approach to deceive their targets and increase their success rate, says John McLoughlin, chief executive officer of J2.
J2 is a security-focused African technology company founded in 2006 to meet the need for effective cybersecurity, governance, risk and compliance solutions in Africa.
McLoughlin says a new trend is emerging that speaks directly to this phenomenon: a customized approach to carrying out a successful bank details change scam.
“Many people have seen and learned about the standard approach to bank details fraud, also known as billing fraud. Here an attacker pretends to be a supplier, creates fake letters to change the bank details and sends an email to the accounting department to update the bank details.
“The attack method is nothing new, but the way it works has just evolved. The endgame is the same, to steal your money, but the criminal syndicate is now taking advantage of the fact that most people work from home to target their prey with a more personal approach.”
McLoughlin said cyber criminals use the phone to identify themselves as the supplier’s financial contact. The call is friendly, includes small talk, pandemic discussions, and sounds unique, right down to the correct accent.
“The cyber attacker informs your team about the change of bank and asks about the corresponding process. They then confirm the information and send it by email. Since this is expected, your finance team is more likely to be tricked and fall for it.”
Criminals often use messaging apps like WhatsApp and Signal to confirm the data has been sent and call back a short time later to confirm receipt of the data and answer questions or concerns.
“This adjustment was necessary in order to bypass the usual verification process in a company. The attacker is doing their own verification with your finance team, increasing their success rate exponentially,” said McLoughlin.
He said that these attacks came in various versions and degrees of sophistication, including very targeted attacks in which the cyber criminals spoofed the vendor’s phone numbers.
“Awareness is key: making your end users aware of changing methods and embedding your processes helps, and is part of our pursuit of cyber resilience. Externally, you should use all possible methods to secure yourself and your reputation.”