The Human Factor

In January 2016, FACC Operations, a supplier of parts for Airbus and Boeing, lost $54 million as a result of fraud. Hackers broke into the CEO's email and asked for an urgent transfer of funds to the bank account of a “supplier”. Of course, no such vendor existed: the money went to the hackers' accounts. In the history of Business Email Compromise, the loss suffered by FACC Operations proved to be the biggest.

The transfer of $54 million to the scammers did not bankrupt the company, but it significantly reduced its share price, from $6.33 to $5.46. According to representatives of the company, this situation will not affect “the economic integrity and liquidity of the company”. The hacking of corporate email first attracted the attention of the FBI and other agencies around 2013. From October 2013 to May 2016, 22 thousand legal entities became victims of Business Email Compromise (BEC), and the total loss amounted to almost $3.1 billion.

Victims of fraud are companies of different scale, from small businesses to large corporations. The FBI admits that the hackers have no particular pattern or preferred industry, so they are difficult to identify. However, we know that before the actual hack, the victim, often the CEO or a member of top management, is studied.

The scammers monitor social networks, travel, correspondence and communication. Often, victims also receive phishing emails asking them to clarify details about the company or the person: personal information, travel dates, etc. In rare cases, the hack is preceded by the installation of unwanted software, scareware or ransomware. In March 2016, Snapchat was almost hacked using BEC.

One of the employees received a letter from “CEO Evan Spiegel”. In the letter, “Spiegel” asked for the personal information of several employees. The company's servers were not hacked and users' personal data remains protected. Spiegel wrote an open letter on the corporate blog, in which he apologized for the incident and promised to improve the company's corporate policies and to strengthen its protection measures.

Through a scheme of this kind, the American investment fund Pomeroy Investment lost half a million dollars in April 2016. An employee received a letter from a “top manager” with a request to transfer a payment to one of the banks in Hong Kong. A payment of $495 thousand was made, and the fraud was discovered only after 8 days.

“At Pomeroy, communication virtually always occurred by email, and often there was a confirmed financial transaction,” Sergeant Megan Lehman, who investigated the case, said in an interview. In February 2015, $17.2 million was lost by the Scoular Co., which, according to Forbes, ranks 55th on the list of the largest U.S. companies engaged in the production, sale and storage of food and fuel.

In the case of the Scoular Co., the hackers established communication with a top manager of the company, Keith McMurtry. He received a letter from “CEO Chuck Elsea”, who wrote to him about “a very delicate matter, which is not necessary to tell anyone”. “The last few months we have been working on the takeover of a Chinese company.”

“This is a very delicate matter, so let's communicate via email only so as not to attract the attention of the SEC” (the Securities and Exchange Commission, ed. note). Within a few days, McMurtry received 3 letters asking for money. The first transaction was for $780 thousand, a day later there was one for $7 million, and three days after that he was asked to transfer $9.4 million.

McMurtry performed all the operations, and the money went to accounts in a Chinese bank. After the FBI took over the investigation, it found that the hackers used a VPN and could potentially be in Germany, France, Israel or Moscow. After analyzing the reported cases of fraud, the FBI came to the conclusion that scammers use one of five schemes.

These are the fake-invoice scheme, CEO fraud, compromise of the email of an employee responsible for funds transfers, impersonation of a lawyer or legal representative of the company, and theft of financial information. Scammers use the fake-invoice scheme when the company works with foreign suppliers. After a money transfer to the supplier has already been scheduled, the scammers contact a company representative by phone, fax or email and ask to change the beneficiary's account.

In the CEO fraud scheme, scammers hack the email of the CEO or a top manager of the company and ask for funds to be transferred to their accounts. Sometimes fraudsters write “an urgent request for money transfer” and send it directly to the finance department, to the people who carry out bank transfers. According to research published by Trend Micro, the email most often hacked is that of the CEO (31%) or the managing director (15%). In 40% of cases the letters are sent to financial directors, as they have more authority.

Analysis of the scammers' emails has shown that they use letters with such topics as “transfer”, “Request”, “Urgent”, “Request for transfer of funds”. Depending on the internal policy of the company, employees of lower rank may also have the authority to transfer funds. In this case, the scammers compromise the account of one of the regular employees and send a request for transfer of funds to partners or suppliers of the company.

According to the FBI, in such cases it can take months before the parties learn that the money was transferred to the scammers' account. In the lawyer scheme, the scammers communicate with the company and present themselves as lawyers or employees of a law firm. By the time of the call or letter they have prepared a compelling story about an urgent and sensitive issue that requires a solution.

The scammer convinces the representative of the company that the money needs to be transferred urgently. For this reason, the lawyer scheme is carried out at the end of the working day or working week, in the hope that the staff will be more vulnerable or will panic. The last scheme is new compared with the others and appeared only in early 2016.

Fraudsters hack into the email of company employees (often in the HR department) and then use it to send requests for personal information about employees and top managers. This scheme is an intermediate stage before the main attack, which will involve a transfer of funds. The tools used by the hackers are another indicator of how easy it is to commit crimes in cyberspace. A large part of the software is either created by the fraudsters themselves or bought for little money.

Some tools cost $50, some are cheaper or even free. For example, Vulcan Keylogger, a tool that records key presses, can be downloaded by donating any amount of money to the developer. One of the most valuable tools is the Predator Pain Keylogger, which costs $40. As with other software, all of these programs have cracked and free equivalents.

Another popular keylogger, Hawkeye, was used by two Nigerian cybercriminals, Uche and Okiki. They hacked corporate email and intercepted transactions by directing the payments to their own accounts. In addition to the software being cheap, hacking email doesn't require advanced hacking skills. Therefore, this method of fraud is widespread, but there is another side of the coin: it's pretty simple to defend against.
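As an added example (not part of the original article), the following Python check screens a raw inbound message for the CEO-fraud pattern described above: an executive's display name on an unknown address, a Reply-To that redirects answers elsewhere, and the subject topics the article lists. The company domain, the executive roster, the indicator names and the sample messages are all hypothetical and constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for illustration; replace with the real roster and domain.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"evan example": "evan.example@example.com"}
# Subject topics the article reports in scammers' letters.
SUBJECT_TOPICS = ("transfer", "request", "urgent")
STRONG = {"exec-name-unknown-address", "own-domain-no-dmarc-pass"}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the list of BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Assumes this header was stamped by the organisation's own mail gateway.
    auth = msg.get("Authentication-Results", "").lower()
    subject = msg.get("Subject", "").lower()
    hits = []
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr.lower() != known:
        hits.append("exec-name-unknown-address")
    if _domain(addr) == COMPANY_DOMAIN and "dmarc=pass" not in auth:
        hits.append("own-domain-no-dmarc-pass")
    if reply_to and _domain(reply_to) != _domain(addr):
        hits.append("reply-to-domain-mismatch")
    if any(topic in subject for topic in SUBJECT_TOPICS):
        hits.append("payment-subject")
    return hits

def should_hold(raw):
    """Hold for manual review on any strong hit or on two weaker ones."""
    hits = bec_indicators(raw)
    return bool(STRONG & set(hits)) or len(hits) >= 2

# Constructed sample messages (not real traffic).
SPOOFED = ('From: "Evan Example" <evan.example@examp1e-mail.test>\n'
           "Reply-To: ceo.office@freemail.test\n"
           "Subject: Urgent: request for transfer of funds\n\nWire it today.\n")
LEGIT = ('From: "Evan Example" <evan.example@example.com>\n'
         "Authentication-Results: mx.example.com; dmarc=pass\n"
         "Subject: Q3 board agenda\n\nSee attached.\n")
VENDOR = ("From: Sales <sales@vendor.test>\n"
          "Subject: Request for quote\n\nPlease advise.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("vendor", VENDOR)):
        print(label, should_hold(raw), bec_indicators(raw))
```

A message sent from a genuinely hacked mailbox carries the real address and passes the header checks, so for it only the subject indicator can fire.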

The FBI offers 5 tips to reduce the risk of exposing the company to such fraud to a minimum.
