Perhaps the most encouraging and notable piece of RSA’s most recent quarterly report comes in the form of an overall decrease in cyberfraud. The total number of cyberfraud attacks observed from January 1, 2018 to March 31, 2018, represented a decrease not only from the previous quarter (16.2%) but also from the same quarter of 2017 (8.6%).
In less than a month’s time, the biggest global extravaganza will kick off in Russia. Thirty-two national teams will fight for the top spot in the 2018 Football World Cup. FIFA estimates that more than $5.7 billion in revenue will be generated from the showpiece event, and that more than a million tourists are expected to travel to Russia. This event will indeed be a good time for more than 3.2 billion fans worldwide, but it will also be a potentially lucrative time for fraudsters.
Ron Cresswell, J.D., CFE
ACFE Research Specialist
While reading a blog on your laptop, a pop-up message suddenly obscures your computer screen. The message, which appears to be from Microsoft, says that your computer is infected with a virus and instructs you to call a toll-free number immediately. You call the number and speak to a woman who falsely identifies herself as “Sarah with Microsoft Tech Support.” Sarah wants you to download a program that will give her remote access to your computer so that she can diagnose the problem. If you comply, Sarah will claim to find a dangerous virus, or another serious security issue, which she will offer to fix for a fee.
This is called a tech support scam, and, according to the FBI, these scams are on the rise.
Tech Support Scams
In tech support scams, fraudsters impersonate major high-tech companies (usually Microsoft, Apple, Dell or Google) and convince victims to grant remote access to their computers. In most cases, victims are instructed to download and run common remote access software, such as TeamViewer, GoToMyPC or LogMeIn.
The goal of most tech support scams is to convince the victim to pay for unnecessary computer services to repair nonexistent viruses or other problems. However, in other variations on the scam, the fraudsters:
- Steal the victim’s usernames, passwords and other personal information
- Install spyware or malware on the victim’s computer
- Refuse to relinquish control of the computer until the victim pays a ransom
- Try to sell the victim software that is useless or free
- Try to enroll the victim in a worthless computer maintenance or warranty program
- Direct the victim to a website that asks for credit card numbers and other personal information
- Harass the victim with phone calls seeking additional fees
To prevent being victimized by tech support scams, consumers and businesses should take the following precautions:
- Do not give unknown, unverified persons remote access to computers or install software at their direction.
- Resist the urge to act quickly. In tech support scams, fraudsters create a sense of urgency and fear to compel the victim to act immediately.
- Disregard pop-up messages that instruct the user to call a telephone number for tech support. Legitimate companies do not communicate with customers this way.
- Hang up on unexpected, urgent calls from outsiders who claim to be tech support, even if the caller ID says Microsoft, Dell, Apple or Google. Those companies do not make unsolicited tech support calls.
- If there is a question about whether a communication is legitimate, look up the company’s telephone number and call to verify. Do not use the number on the questionable communication (e.g., pop-up message, caller ID).
- Ensure that computer networks are protected by strong and regularly updated antivirus software and a firewall.
While tech support scams are common, they are usually easy to spot. Generally, they involve an unknown person asking for remote access to your computer. Once identified, such scams can be defeated by following the guidelines listed above.
Ron Cresswell, J.D., CFE
ACFE Research Specialist
As discussed in a recent Fraud Examiner article, the FBI has issued several warnings recently about business email compromise (BEC) scams. In a traditional BEC scam, a fraudster uses a fake email from a high-level executive to trick an employee into wiring funds to the fraudster. According to the FBI, there has been a dramatic increase in BEC-related losses since January 2015. This month brings more troubling news.
The BEC Attack on Leoni AG
In one of the costliest BEC scams yet, the German company Leoni AG announced that it lost more than $44 million to fraudsters. Leoni AG is the largest supplier of electrical wires and cables in Europe. The company has more than 76,000 employees in 32 countries, including Romania, which is where the fraud began.
According to reports, the fraudsters used cloned emails to target a chief financial officer (CFO) working in the company’s factory in Bistrita, Romania. The CFO received an email asking her to wire $44 million to a specific bank account. The email appeared to be from one of the company’s executives in Germany who frequently requested wire transfers by email. Because the request followed the company’s usual procedure, the CFO approved the wire transfer.
The scam seems simple, but it required a significant amount of advance work by the fraudsters. Although details are still sketchy, the fraudsters probably used social engineering and phishing emails to gather crucial information about the company. That information included the company’s internal procedures for requesting and approving wire transfers. For example, Leoni AG has four factories in Romania, but only the one in Bistrita was authorized to make wire transfers. With this information, probably gathered through months of network surveillance, the fraudsters were able to craft a simple but effective BEC scam.
Romanian authorities are still investigating the theft, which was reported by Leoni AG in August. The identities of the fraudsters are unknown, but there are reports that the money was wired to a bank in the Czech Republic.
Could It Have Been Prevented?
Could Leoni AG have prevented the theft? That’s unclear based on current information. However, the following measures might have stopped it:
- Two-step verification procedure. The fraud probably would have been discovered if the CFO called the company’s German headquarters to confirm the wire transfer request. Many companies require that kind of two-step verification procedure for wire transfers.
- Employee education. The theft also might have been prevented if the CFO knew enough about BEC scams to be suspicious of the $44 million request. That is why companies should educate their employees about BEC scams and other common frauds.
Fraud professionals should continue to follow news of the Leoni AG case, which is still in the early stages of investigation. It’s the story of a sophisticated, multinational company that lost $44 million through a relatively simple BEC scam. As more information comes out, the Leoni AG case may provide some valuable lessons.
LIVE FROM THE ACFE ANNUAL FRAUD CONFERENCE
Assistant Editor, Fraud Magazine
In his lively presentation on Monday, Cary Moore, CISSP, EnCE, discussed cyber threats, both from without and within an organization. The insider is the cyber thief who works from within the company and is often a trusted employee.
The insiders fall into the following categories:
- Traitors - These are people who consciously decide to betray their organization. There is not much information on them in the private sector, as they are usually fired, not studied. Red flags include unusual changes in work habits and seeking out sensitive projects.
- Zealots - These firmly believe that the ends justify the means and that their cause is absolutely correct. Being so highly motivated makes them especially dangerous.
- Spies - In the private sector spies can be working for your biggest competitor. They find out such business intelligence as product development and launches, potentially costing you millions of dollars.
- Browsers - These employees casually peruse information. They are not actively seeking out anything specific, but they will use information for personal gain. They are extremely hard to identify.
- Well-Intentioned - Everyone wants to help, so when an employee receives a pleading email from someone purporting to be a friend or relative, they will scramble to help that person. In doing so, they unleash costly viruses by clicking on links or opening attachments delivered via spear phishing, whaling and smishing.
Moore advised on how to frame and conduct an investigation into these insiders. His tips included looking for bogus accounts, activity at odd or unusual times and employees turning their computer screens so people passing by can't see them.
He said that, ideally, you shouldn't let anyone outside of your company connect to your network, but if you must, have them sign the same network access agreement as your employees, including monitoring by IT. When you have visitors in your building, don't assume they are above suspicion. Make sure they have an escort at all times. They can walk out with your intellectual property safely stored on flash drives hidden in watches, pens, even cufflinks - "for the James Bond in all of us," said Moore.