Disturbing reports of unauthorized wire transfers and gift card purchases are running rampant. Millions of dollars are disappearing on the Dark Web in a matter of minutes.
Let's look at just one example:
- An employee receives an email from the CEO instructing the employee to buy 100 iTunes Gift Cards for the upcoming Marketing activity. The CEO stresses the urgency of the request, he needs the cards purchased right away. After purchasing the cards, the employee is instructed to scratch the cards to reveal the codes and send all of the codes back via the email to the CEO.
- The “CEO” is a hacker, the email if from the hacker, impersonating the CEO. Once the hacker receives the gift card codes, it’s game over. The codes are sold on the Dark Web at a discount, the currency is Bitcoin.
- The transaction is complete and it is virtually untraceable.
What should I do to avoid being a victim?
Educate all employees – Employees are trying their best to follow the rules and promptly reply to requests from senior management. Problem is that sometimes "senior management" is a hacker in Hong Kong. In their haste to perform for senior management, some employees will blindly follow instructions because they have not been trained to recognize the scam.
Implement Advanced Threat Protection – A layered approach to security has proven to be the best protection. Security protection needs to be implemented at multiple levels in a network, on endpoints, server, firewalls, Internet portals and all DNS queries should be protected. Enable logins with 2 factor authentication (2FA).
Know where your weak points are and risk manage them – Where are you the most vulnerable? Give some thought to the data you possess and who has access to it. Know who your most vulnerable employees are and ensure they are cybersecurity aware – the employee that receives the email for firstname.lastname@example.org should be very security-conscious.
How do I start becoming more secure – begin with a security audit of your network and then mitigate or manage the risk. Senior management of each company will ultimately decide which risk is acceptable and which risk needs to be mitigated.
Security is not free or easy, it takes time and effort to ensure the protection of a network. By most estimates you should dedicate about 10% of your overall IT budget to security related products and services. Security management is a continuous process that requires patience and cooperation from all employees. No matter how much money is spent on elaborate security schemes, an employee, because they are a trusted user, can bypass key security protection with the simple click of a mouse.
Let’s protect corporate assets and help employees avoid being the one that clicked the link.