Slashdot Mirror
Angry Boss Phishing Emails Prompt Fraudulent Wire Transfers
chicksdaddy writes: Lots of studies have shown that assertiveness works in the professional sphere as well as the personal one. It turns out to work pretty well in the cyber criminal sphere, also. Websense Labs has posted a blog warning of a new round of spear phishing attacks that rely on e-mail messages posing as urgent communications from senior officers to lower level employees. The messages demand that the employees wire funds to a destination account provided in the message.
According to Websense, these attacks are low tech. The fraudsters register "typo squatting" domains that look like the target company's domain, but are subtly different. They then set up e-mails at the typo squatted domain designed to mirror legitimate executive email accounts. Like many phishing scams, these attacks rely on the similarities of the domains and often extensive knowledge of key players within the company, creating e-mails that are highly convincing to recipients.
The key element of their attack is – simply – "obeisance," Websense notes. "When the CEO or CFO tells you to do something, you do it." The messages were brief and urgent, included (phony) threads involving other company executives and demanded updates on the progress of the transfer, making the request seem more authentic. Rather than ask the executive for clarification (or scrutinize the FROM line), the employees found it easier to just wire the money to the specified account, Websense reports.
Websense notes the similarities between the technique used in the latest phishing attack and the grain trading firm Scoular in June, 2014. That company was tricked into wiring some $17 million to a bank in China, with employees believing they were acting on the wishes of executives who had communicated through e-mail.
According to Websense, these attacks are low tech. The fraudsters register "typo squatting" domains that look like the target company's domain, but are subtly different. They then set up e-mails at the typo squatted domain designed to mirror legitimate executive email accounts. Like many phishing scams, these attacks rely on the similarities of the domains and often extensive knowledge of key players within the company, creating e-mails that are highly convincing to recipients.
The key element of their attack is – simply – "obeisance," Websense notes. "When the CEO or CFO tells you to do something, you do it." The messages were brief and urgent, included (phony) threads involving other company executives and demanded updates on the progress of the transfer, making the request seem more authentic. Rather than ask the executive for clarification (or scrutinize the FROM line), the employees found it easier to just wire the money to the specified account, Websense reports.
Websense notes the similarities between the technique used in the latest phishing attack and the grain trading firm Scoular in June, 2014. That company was tricked into wiring some $17 million to a bank in China, with employees believing they were acting on the wishes of executives who had communicated through e-mail.
Wait, no... wrong details, and it's not a good parallel to use.
The dude in question was the lead network engineer for the City of San Francisco. Long story short, he had no standing policy to do what he did: he changed the supe passwords on all the city's core routers, locked everyone else out of the the things, then refused to tell anyone what the new password was.
I agree that he shouldn't have gone to jail over it, but TBH it was a dick move on his part.
Quo usque tandem abutere, Nimbus, patientia nostra?