Trend Micro, one of the largest cyber security firms in the world, has released its annual security roundup report, and the results show some alarming trends. With the GDPR upcoming, cyber criminals have been refining their techniques to increase their financial gains, moving away from exploit kits, which can be an unpredictable earner, towards more reliable tactics such as business email compromise, phishing and spam, ransomware, and a relatively new threat to businesses, malicious cryptocurrency mining.
Dublin Zoo has admitted it has been hit by a scam in which cyber criminals were reportedly able to steal up to €500,000. The zoo has stated that they are cooperating with the Garda National Economic Crime Bureau in a case of invoice redirect fraud. While neither the Gardaí nor Dublin Zoo revealed the amount of money taken, sources have reported that it was up to €500,000, most of which was successfully recovered.
Reports indicate that Dublin Zoo may have lost up to €500,000 through the scam, with an estimated €130,000 remaining at large overseas.
CEO/CFO fraud is a phishing scam that has gained popularity in recent years, in which cyber criminals hack or spoof the email address of a senior staff member and request an urgent payment to an unknown account. These phishing emails are usually sent to staff involved in the finance or accounts of the company, and request payment in a manner which is often outside normal payment procedures. The emails are made to appear genuine so that staff members comply with the request, believing it does indeed come from their company’s CEO or CFO. Once the money has been transferred to the criminal’s account, it is usually withdrawn again straight away and hidden elsewhere.
You should be extra vigilant about:
– Any payment request which is outside of normal policy or procedure, especially by email
– Any urgent or confidential request for a payment transfer, especially if it does not follow the standard procedure
– Any unusual request, such as a transfer of high amounts to an unknown account or to a country where the company does no business
If you do receive an unusual financial request by email, we strongly advise you to get verbal confirmation from the sender before taking any action.
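The warning signs above can also be checked automatically on inbound mail before it reaches finance staff. The following Python code is an added example, not part of the original article; the company domain, executive names, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: use your own domain and senior staff names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
URGENCY = re.compile(r"\b(urgent|urgently|immediately|confidential|asap)\b", re.I)
PAYMENT = re.compile(r"\b(payment|transfer|wire|invoice|bank details)\b", re.I)

# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments.test
To: finance@example.com
Subject: Urgent transfer

Please make a confidential payment of 45,000 EUR to the account below.
"""

GENUINE = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Board meeting agenda

Agenda for Thursday attached.
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def red_flags(raw_message):
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        flags.append("executive display name on external address")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        flags.append("Reply-To domain differs from From domain")
    if PAYMENT.search(text):
        flags.append("payment request by email")
    if URGENCY.search(text):
        flags.append("urgent or confidential wording")
    return flags

if __name__ == "__main__":
    print(red_flags(SPOOFED), red_flags(GENUINE))
```

The two header checks only catch a spoofed sender. A request sent from a hacked but genuine mailbox raises only the content flags, which is why verbal confirmation is still needed.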
Concerned that your organisation may be vulnerable to such phishing attacks? We’re offering a free phishing risk assessment for companies who want to find out and learn how to mitigate these dangers.