Earlier this month, the US took part in a global email scam crackdown in which 74 cyber criminals were arrested. The coordinated arrests took place in the US, Nigeria, Canada, Mauritius and Poland, and 30 of those apprehended were in Nigeria.
The FBI said the scammers had cost their victims a total of around $3.7 billion since the bureau began tracking this type of fraud. But beyond the financial haul, what made the attacks stand out was their sophistication.
These weren't garden-variety phishing scams built on, say, a clichéd plea from a foreign royal, or a fake link asking users to verify an app account. Rather, the criminals behind these scams managed to send their messages from the genuine email addresses of corporate CEOs.
According to Alison Treadaway, a director at security firm Striata, the criminals would hack into an email account, send a phishing email from that legitimate account and then intercept the replies. In this instance there was no way to tell from the email itself that it was a scam, because the message information, the 'FROM' address, was legitimate.
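The distinction Treadaway draws can be made concrete. The following is an added example, not code from the article or from Striata: the header checks that catch a lookalike sender domain, a mismatched Reply-To or failed SPF/DKIM/DMARC (the "garden-variety" case) return no findings at all for a message sent from a genuinely compromised account, because every header is real. The two sample messages, the domain names and the Authentication-Results values are constructed for illustration.

```python
"""
Header-based BEC checks: they flag header spoofing, but a message sent from a
compromised mailbox passes every one of them. Sample messages are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed example: display name of the CEO, but a lookalike domain
# ("exarnple" with an "rn"), an external Reply-To and no authentication.
SPOOFED = """\
From: "Jane Doe, CEO" <jane.doe@exarnple-corp.com>
Reply-To: finance-desk@freemail.example
To: cfo@example-corp.com
Subject: Urgent wire needed today
Authentication-Results: mx.example-corp.com; spf=none; dkim=none; dmarc=fail header.from=exarnple-corp.com

Please process the attached invoice before 3pm.
"""

# Constructed example: sent from the CEO's real, compromised account.
# From, Reply-To (absent) and authentication results are all legitimate.
COMPROMISED = """\
From: "Jane Doe, CEO" <jane.doe@example-corp.com>
To: cfo@example-corp.com
Subject: Urgent wire needed today
Authentication-Results: mx.example-corp.com; spf=pass; dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com

Please process the attached invoice before 3pm.
"""

# Hypothetical list of domains the receiving organisation trusts.
TRUSTED_DOMAINS = {"example-corp.com"}


def _domain(addr_header):
    """Return the lower-cased domain part of an address header, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def _auth_result(auth_header, mechanism):
    """Extract the verdict for spf/dkim/dmarc from an Authentication-Results header."""
    for part in auth_header.split(";"):
        part = part.strip()
        if part.startswith(mechanism + "="):
            return part.split("=", 1)[1].split()[0].lower()
    return None


def analyse(raw_message, trusted_domains=TRUSTED_DOMAINS):
    """Return a list of header findings; an empty list means the headers look genuine."""
    msg = message_from_string(raw_message)
    findings = []

    from_domain = _domain(msg.get("From"))
    if from_domain not in trusted_domains:
        findings.append(f"From domain {from_domain!r} is not trusted (possible lookalike)")

    # A Reply-To pointing elsewhere is the classic way to divert replies
    # without access to the impersonated mailbox.
    if msg.get("Reply-To"):
        reply_domain = _domain(msg.get("Reply-To"))
        if reply_domain != from_domain:
            findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    auth = msg.get("Authentication-Results", "")
    for mechanism in ("spf", "dkim", "dmarc"):
        verdict = _auth_result(auth, mechanism)
        if verdict != "pass":
            findings.append(f"{mechanism}={verdict or 'missing'}")

    return findings


def verdict(raw_message):
    """Summarise what header analysis alone can conclude about a message."""
    findings = analyse(raw_message)
    if findings:
        return "suspicious: " + "; ".join(findings)
    # Nothing in the headers distinguishes this from the CEO's own mail;
    # only verifying the request out of band (a phone call to a known number) can.
    return "headers genuine: verify the request out of band"


if __name__ == "__main__":
    print("spoofed     ->", verdict(SPOOFED))
    print("compromised ->", verdict(COMPROMISED))
```

Run as written, the spoofed message produces five findings, while the message from the compromised account produces none, which is exactly why a payment or bank-detail change request should be confirmed through a channel other than email, even when every header checks out.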
“These scammers will have done their homework – they will know enough about you and your CEO to make the request sound legitimate,” says Treadaway. “They will also convey a sense of urgency prompting the victim to execute the request without thinking it through.”
As with most cyber crime techniques, one might think it only a matter of time before they reach South Africa's shores. However, Treadaway says these methods are already being used to target victims locally.
“There are numerous examples of scammers taking control of an email account and posing as the owner of the account to commit fraud,” says Treadaway. “There have been scams involving an estate agent (intercepting emails about deposit payments) and a school accounts department (intercepting interactions about school fees).”
“In both cases, the fraudsters posed as the legitimate owner of the email account with the objective of diverting money to bank accounts under their control.”
Treadaway says it is imperative that both individuals and local businesses stay up to date with the latest email scams. Communicating regularly keeps them and their staff informed and reduces the likelihood of such an attack succeeding.
“Organisations also need to prepare for the eventuality of an attack and breach,” she says.
“After all, it only takes one compromised staff member or machine to infect an entire network. With the right plans and systems in place, an organisation can dramatically reduce the fallout.”