This quarter’s IT Security update from our in-house cybersecurity expert, Jamie Williams, looks at the more serious types of email scams that we’re currently seeing, whether faced by our own customers or by businesses in general.
1. TARGETING PAYROLL
Clever attackers are targeting Payroll as a way of penetrating companies. They find out who’s who in your company by looking at your website or social networking sites such as LinkedIn, where job titles and job functions are often easily available.
The attacker then emails your HR / Accounts person pretending to be a member of staff, requesting that their salary be paid into a new bank account because they have changed banks. (Obviously, should this happen you’ll have an unhappy member of staff and missing money!)
Make sure that all staff connected to Payroll know that they should never accept bank account changes over email without first checking with the member of staff in person, or on the telephone, that they sent the email themselves.
This scam was exceptionally common a couple of months ago, but it keeps coming back for one simple reason: it has made millions of pounds for hackers!
It utilizes lists of stolen email addresses and passwords which are readily available on the black market. The attacker targets people on these lists by emailing them and adding the stolen password into the email body, claiming that they know their password. They also state that they’ve installed malware on their computer and have browsing history and webcam footage of them (doing something naughty), and that unless they pay the bitcoin ransom they’ll send the video to all the person’s contacts.
The password is often years old from previously compromised websites, but for anyone that hasn’t changed their password for years this can be incredibly alarming.
Whilst there is little that you can do about the odd one of these scary emails getting through to your inbox, if the password they list is a current password you use for anything at all - get it changed immediately.
It’s likely the attacker hasn’t tried to log in to multiple sites as ‘you’, as their focus has been a blanket e-mail campaign, but it does mean that your password is out there in the bad guys’ hands and should NOT be used. Because these e-mails don’t often include any malicious links and come from random e-mail addresses, SPAM filters can have a hard time stopping new variants of them from going through to your inbox. More recently, attackers are using an image instead of text in the email to prevent clever filters detecting text patterns in the emails.
3. HMRC UNSUCCESSFUL SUBMISSIONS
This cyber-scam is probably more relevant for self-employed people but worth a mention. There has been a spate of ‘Unsuccessful Submission’ emails claiming to be from HMRC and looking VERY real with a link that gives a fake reference number to infect your machine.
The timing of these emails is key as they are very much linked to the end of the Tax Year. Attackers know this and will often use current events to target individuals.
The link in the email is malicious, and ATP for 365 and/or a SPAM filter with Sandboxing capabilities can help to block this e-mail.
This email cybercrime is particularly sneaky! It’s an email saying:
‘Great news “Enter Supplier’s name here” has sponsored your participation in their online financial platform. This portal will give you visibility to invoice status, payments and past transaction history. There is no charge, just click this link to activate…’
Immediately you are thinking, “Ahh, I know that supplier; that might make life easier if I can keep track of things in a portal…”, but of course the link is malicious. They may have had access to one of your email accounts previously, if you were breached, or gained the link from something they’ve seen online. Perhaps a review on your website. Clicking the link will infect your machine.
If the company listed in the email is a supplier you know, telephone them to discuss and confirm anything like this before taking any further action. If you don’t know the supplier listed, feel free to attach the suspicious email to a new email and send it over to Security@ntsols.com for investigation. Again, ATP for 365 / SPAM filters with Sandboxing capabilities will help stop these getting to your inboxes, but nothing is bulletproof.
This email scam simply works by having an infected Word document as an attachment to the email, which claims to come from someone inside your company. For example, the email often claims to be from a Finance Director to a less senior member of accounts.
The email address is usually random, but they use the correct person’s name. It simply asks ‘why haven’t you paid this invoice?’ The footer is often incorrect and doesn’t tend to have the right “company” footer on it if you have one.
Always check the email address in emails you receive like this. If it is unusual to receive an email like that, then double check with the apparent sender. Do you send invoices as DOC files? If not, then odds are you can work out that it isn’t real.
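The two checks described above (a colleague’s name on an unfamiliar address, and an unexpected DOC attachment) can also be automated. The following is an added example, not part of the original article; the company domain, staff names, attachment extensions and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.co.uk"            # assumption: your own mail domain
STAFF_NAMES = {"alex morgan", "sam patel"}  # assumption: hypothetical staff directory
RISKY_EXTENSIONS = (".doc", ".docm")        # assumption: formats you never use for invoices

def red_flags(raw_message):
    """Return the red flags from the article that apply to one raw email."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    flags = []
    # The correct person's name on an address outside the company domain.
    if display_name.strip().lower() in STAFF_NAMES and domain != COMPANY_DOMAIN:
        flags.append("staff name used with external address")
    # Word attachments on a message that claims to be an invoice chase.
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            flags.append("Word attachment: " + filename)
    return flags

# Constructed sample: right name, random external address, DOC attachment.
SPOOFED = """From: Alex Morgan <k3j2@mailbox.example.net>
To: accounts@example.co.uk
Subject: why haven't you paid this invoice?
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Why haven't you paid this invoice?
--B1
Content-Type: application/msword
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--B1--
"""

# Constructed sample: the same name sent from the real company domain.
GENUINE = """From: Alex Morgan <alex.morgan@example.co.uk>
To: accounts@example.co.uk
Subject: Month end

Please send me the month-end figures.
"""

if __name__ == "__main__":
    print(red_flags(SPOOFED))
    print(red_flags(GENUINE))
```

A message that raises either flag should still be confirmed with the apparent sender by phone or in person, as described above.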
So in summary, there are all sorts of email tactics that have been used by hackers to try and convince users to do something for them and the scams mentioned above are just the more serious ones. These attackers are organised, patient and can (and will) target business individuals directly if they have done their research in order to try and get better results.
To avoid succumbing to these types of attacks, make sure your company creates and implements clear IT Security policies, such as refusing banking changes by e-mail, and ensure all staff are aware of them. Also ensure that you have protective measures in place, such as SPAM filters with ATP for 365 where possible. And finally, consider user Cyber Security training for all staff: either we can advise you on the best training for your company, or you can try a free option from the many choices online. Here’s just one example you can use: https://www.eset.com/us/cybertraining/.
For a good reminder on what to look out for in emails, take a look at the infographic in our article on 'Email Red Flags - how to spot a dangerous email'.
If you have any questions on the above or regarding your IT Security or cybersecurity issues, please contact Jamie directly at firstname.lastname@example.org and he’ll be happy to advise you.