Last month, we wrote about an FBI report that warned businesses to look out for an email scheme targeting executives and financial employees. But in recent weeks, these efforts, dubbed “spear phishing” by security experts, have intensified. CMIT Solutions was even called in to deal with several instances of the scam—one of which ended up costing a business tens of thousands of dollars before it was properly identified.
Here’s how this simple, relatively low-tech social engineering scam works: someone at your company receives what they believe is an email from an executive. The message will typically reference a wire transfer or other allocation of funds. Everything about the email will look appropriate, but close examination often reveals that the sender’s domain name has been registered with one extra letter or a subtly misspelled word—“yourwebsiite.com” instead of “yourwebsite.com,” for instance. At a quick glance this looks legitimate, and spear phishing victims proceed with the request.
Other irregularities are common to such schemes. The email may address you as “William” when everyone at the company calls you “Bill.” But the scammers are adept at doing their homework, probably researching public information about your company via LinkedIn or Facebook. Scammers then register an email domain that looks very similar to yours. Because these are real-time, targeted efforts to trick you, scammers will respond immediately if you reply to the email. Given today’s corporate culture and common lack of face-to-face communication, this back-and-forth usually makes the victim feel comfortable that it is in fact a legitimate request.
In the specific case mentioned above, CMIT Solutions contacted the registrar of the lookalike domain used against the client that got scammed, and the registrar provided a list of all the domains the scammers had registered that day (and then canceled the next day). In classic hacker fashion, these were set up with fake names, a South African IP address, and a bank account in China, allowing the spear phishers to quickly move on to another innocent target before law enforcement action could be taken.
Since spear phishing scams like these are very real, costing real companies real money, CMIT Solutions recommends these steps to avoid them:
1) If you receive an email regarding a wire transfer or a large sum of money, be suspicious. If your company conducts numerous wire transfers in the normal course of day-to-day operations, it is a much easier mark than a firm that never transfers funds in this manner. Unfortunately, scammers are smart enough to target the right kind of companies first.
2) If you believe you’ve received a spear phishing email, DON’T RESPOND and call your IT provider immediately. Responding will “set the hook,” so to speak, and only invite more communication from the scammers. Contacting someone well-versed in these types of scams can also allow the false domain to be traced and possibly shut down.
3) Check the email headers, subject line, and body copy meticulously for small errors. Again, you can’t do this with every single email—but any message that involves financials or the transfer of funds should be reviewed for minor spelling errors, extra characters, or naming discrepancies.
4) Do not open any emails or attachments from any sender you don’t recognize. Last year’s CryptoLocker virus spread primarily through malicious PDFs, audio files, and other attachments that computer users unwittingly clicked on. If you don’t know the sender and aren’t expecting a file, don’t click on it!
5) Avoid using free, web-based email for business purposes. Establish a company website domain and use secure email accounts for all communications. Strongly consider a proactive monitoring or comprehensive network security solution, which should conduct regular malware scans and daily updates, as well as deploy strong firewalls and anti-spam protections that can filter out scams like the one described above—and alert security experts to spoofed or hacked accounts.
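The lookalike-domain and naming checks described above (an extra letter in the sender’s domain, an executive’s name on an outside address, a wire-transfer request in the body) can be automated at the mail gateway. The following is an added example, not code from the original post or from CMIT Solutions; the company domain, the executive name and the sample message are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed placeholders (not from the post): the real company domain and executives' display names.
COMPANY_DOMAIN = "yourwebsite.com"
EXECUTIVE_NAMES = {"bill jones"}

def levenshtein(a: str, b: str) -> int:
    """Edit distance; lookalike domains usually sit 1-2 edits from the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_address(header_value: str):
    """Return (lower-cased display name, lower-cased domain) from a From/Reply-To value."""
    name, addr = parseaddr(header_value)
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def assess_message(raw: str, company_domain: str = COMPANY_DOMAIN) -> list:
    """Return findings for one raw RFC 822 message; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_dom = split_address(msg.get("From", ""))
    reply_dom = split_address(msg.get("Reply-To", ""))[1] or from_dom
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        dist = levenshtein(dom, company_domain)
        if 0 < dist <= 2:  # one extra or swapped letter, as in the post's example
            findings.append(f"{label} domain {dom!r} is {dist} edit(s) from {company_domain!r}")
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    if from_name in EXECUTIVE_NAMES and from_dom != company_domain:
        findings.append(f"display name {from_name!r} matches an executive but domain is {from_dom!r}")
    if re.search(r"\bwire\s+transfer\b", msg.get_payload(), re.IGNORECASE):
        findings.append("body asks for a wire transfer")
    return findings

# Constructed sample reproducing the pattern described above (one extra letter in the domain).
SAMPLE = """\
From: "Bill Jones" <bjones@yourwebsiite.com>
Reply-To: <bjones@yourwebsiite.com>
Subject: Urgent request

William, please process the wire transfer to the vendor today.
"""
```

Run `assess_message(SAMPLE)` to see the four flags this sample raises; a mail from the genuine domain with no transfer request returns an empty list.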
Online schemes will never end—even if spear phishing disappears tomorrow, something new will emerge to take its place. But awareness and vigilance can make the difference—along with a trusted IT partner deploying the right solutions to keep your business safe. Contact CMIT Solutions today to find out how we protect our clients and their employees.