BSU

BSU_Security_Smart_Summer2016

Issue link: http://bsuit.uberflip.com/i/711357


SECURITY SMART
SAFEGUARDING YOUR SECURITY AND PRIVACY AT WORK AND AT HOME
NEWSLETTER, SUMMER 2016

Email Scammers Work Hard for Your Money

Every few weeks, this company gets hit by increasingly sophisticated attempts to trick it out of large sums of money. Could yours be next?

The onslaught started two years ago, before business email compromise, or BEC fraud, became a widely known scam. An email addressed to the controller of security firm Centrify asked for a wire transfer of more than $350,000. The email seemed to come from the CFO and was part of a chain of emails between the CFO and the CEO discussing the transfer.

"If you looked at the email thread, it looked legitimate," said Tom Kemp, Centrify's CEO. "And there was a real bank account and a real company name associated with it."

The return address looked like that of the actual CFO as well. When the controller emailed back, the response was professional and immediate.

"They had researched our organization, figured out who our controller was, got her email address, created this email chain between the CFO and myself, created this fake domain, and carried on ongoing communications," Kemp said.

Centrify did have additional checks and balances in place, Kemp said, with some paperwork required. But what really stopped the fraud right in its tracks was the fact that he was late to work that morning. Kemp sits near the accounting office, and when he walked past it, his employees told him that they were working on the wire transfer he requested.

"And I said, 'What are you talking about? I didn't request a wire transfer.' At first, I thought it was just us being targeted," he said. "We had just raised a round of financing and thought that someone was doing this to embarrass us."

But it turned out that the return address on the email came from a look-alike domain address that had been registered that morning. At the same time, fraudsters registered similar spoofed domains for 60 other companies.

Kemp said that he's seen some evolution in tactics. Instead of asking for wire transfers, for example, some fraudsters are asking for sensitive company documents, such as employees' W-2 forms. Others are sending emails to all of a particular vendor's customers asking them to update billing details.

The FBI reported in March that companies in 79 countries have lost more than $2.3 billion to BEC fraud since October 2013, with the majority of the victims located in the United States. BEC scams usually target businesses that regularly perform wire transfer payments.

HERE ARE THE FBI'S TIPS FOR AVOIDING BEC SCAMS:

- Be wary of requests that say they are urgent or require secrecy.
- Verify all requests for payments with the purported sender. Use only previously known phone numbers or other contact information, not numbers provided in the email request.
- Don't reply automatically to emails using the contact or payment details included in them.
- Verify any changes in vendor payment location or protocol.
- Be careful when posting financial and personnel information to social media and company websites. Avoid mentioning out-of-office details, job descriptions and hierarchical information.

If you become a victim of BEC fraud, act quickly:

- Contact your financial institution immediately and have it notify the financial institution where the fraudulent transfer was sent.
- Contact your local law enforcement office or FBI office.
- File a complaint at the FBI's Internet Crime Complaint Center, www.IC3.gov.

For more information on staying safe online here at BSU or at home, contact security@bridgew.edu.
