What’s Tricking Companies into Losing Billions?

Spoofing emails. In many cases an employee gets an email that looks like it is from a boss, requesting that money be sent to complete a transaction with another business. Much of the time, however, the money never reaches its intended destination, and the company has lost a lot of money (BBC 2019). Search Security defines email spoofing as “the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source” (Search Security 2019).

This type of attack is usually “low-tech”: cyber-criminals can “simply spoof the email address of a company executive and send a convincing request to an unsuspecting employee,” usually making it seem like there’s a “sense of urgency to the order” (BBC 2019). These scams are on the rise and have caused great financial losses for companies around the world. According to the article I read, since 2016 these hacks have “resulted in worldwide losses of at least $26bn” (BBC 2019). Just earlier this month there was a massive takedown operation of “global cyber-crime networks based on scams” in which 281 suspected hackers were arrested from 10 different countries around the globe (BBC 2019). This type of scam is actually the “most expensive problem in all of cyber-security” (BBC 2019).

It also turns out that these criminals don’t always go for the most senior targets. Sometimes they just go for whoever is the most exposed and easiest to trick. For example, sometimes “employees’ emails are spoofed and the attacker asks the human-resources departments to send a victim’s wages to a new bank account” (BBC 2019). These attacks might not always give the hacker the biggest return, but they help them “fly below the radar” and lessen the chances of them getting caught (BBC 2019).

Finally, I wanted to discuss some ways that companies can prevent this problem. An article I found online shared ways you can avoid becoming the target in these situations. First, check your SPF (Sender Policy Framework) records and make any adjustments needed, and if you have received a spoofed message, “make sure your system is set to perform SPF checks” (Star Chapter 2019). You will also want to check the sender’s information very carefully. There is a list of smaller things to look out for. And of course, companies need to educate their employees on all of this (Star Chapter 2019). If everyone knows how to spot a fake email, then the company as a whole will be better protected and less likely to fall victim to these terrible scams.
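As an added example (not from the original post or its sources), the Python code below shows what "checking the sender's information carefully" and relying on SPF checks can look like on a received message's headers. The two sample messages, their domains, and the function names `domain` and `spoofing_signs` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample (not real mail): the visible From claims the CEO,
# but the envelope sender and Reply-To point to other domains.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net
From: "Pat Lee (CEO)" <pat.lee@example.com>
Reply-To: pat.lee@example-payments.net
To: accounts@example.com
Subject: Urgent wire transfer needed today

Please send the payment before noon.
"""

# Constructed sample of a consistent, SPF-passing message.
LEGIT = """\
Return-Path: <pat.lee@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com
From: "Pat Lee" <pat.lee@example.com>
To: accounts@example.com
Subject: Quarterly report

Attached.
"""

def domain(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_signs(raw):
    """List header inconsistencies that suggest a forged sender."""
    msg = message_from_string(raw)
    signs = []
    from_dom = domain(msg["From"])
    # SPF verdict recorded by the receiving mail server.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    if spf != "pass":
        signs.append(f"spf={spf}")
    # SPF covers the envelope sender, not the visible From header,
    # so a mismatch between the two is flagged separately.
    if domain(msg["Return-Path"]) != from_dom:
        signs.append("return-path-mismatch")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        signs.append("reply-to-mismatch")
    return signs
```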


3 thoughts on “What’s Tricking Companies into Losing Billions?”

  1. I find this issue fascinating and how it is so widespread, with major companies losing billions of dollars. With all of the innovation and technological advancements we have in 2019, it is so surprising how employees can be tricked into giving money to these people who send scam emails. For example, an international wire and cable company lost approximately 44 million dollars to a single email scam! (Cluley 2016).
    This extreme loss of money led to stocks dropping, and many issues in detaining the perpetrators arose. This process is also known as “CEO frauding”, where someone portrays themselves as a company CEO, asking another company for money that they are owed. Sometimes these perpetrators can use inside knowledge to trick the employees even further (Shah, 2016). This major issue is making large companies lose vast amounts of currency to phishing and email scams.
    Sources:
    https://www.tripwire.com/state-of-security/security-data-protection/44-million-email-scam/
    https://www.theinquirer.net/inquirer/feature/2460065/top-5-biggest-phishing-scams

  2. I find this issue fascinating and how it is so widespread, with major companies losing billions of dollars. With all of the innovation and technological advancements we have in 2019, it is so surprising how employees can be tricked into giving money to these people who send scam emails. For example, an international wire and cable company lost approximately 44 million dollars to a single email scam! (Cluley 2016).
    This extreme loss of money led to stocks dropping, and many issues in detaining the perpetrators arose. This process is also known as “CEO frauding”, where someone portrays themselves as a company CEO, asking another company for money that they are owed. Sometimes these perpetrators can use inside knowledge to trick the employees even further (Shah, 2016). This major issue is making large companies lose vast amounts of currency to phishing and email scams.

  3. In my recent blog post I discussed how IoT devices and technologies and emergent AI will likely remove some low-skill jobs from the supply chain and manufacturing industry, and then went on to mention that jobs pertaining to the use and upkeep of these technologies would pop up to replace these low-skill jobs. This emergence of new jobs can easily be applicable to the spoofing email crisis. It isn’t likely that there will be a loss of jobs aside from firing employees who mistakenly hand over part of the company’s assets to scamming strangers online. Instead, there is a good chance that the demand for more comprehensive cyber security will increase to ensure this kind of phenomenon doesn’t continue or affect those not yet victim to spoofing.

    Part to blame is IoT technology. The attackers infect one computer with malware via methods like ads, spam mail, and other mediums. From that point, the malware searches the infected computer for email addresses affiliated with the company for the purpose of spreading itself further through the business network (Mitra, 2017). The ultimate intention for spreading the malware could range from simply having multiple employees to spoof and transfer funds to a seemingly routine location that is actually an account set up by the hacker, or the malware could be much more malicious and could be used to control the network of the business if it spreads far enough and can gather the data necessary to access sensitive information. Regardless, this kind of spreading is only possible because of the interconnectedness of IoT technology; constantly communicating data to other devices within the network and thus constantly connected. Something as simple as having access to data logs of sent emails and conversation logs between employees on the business network would be enough for the malware to spread. Jobs to design software that automatically detects and sends a notice of the malware infection to the IT department or other types of cybersecurity positions meant to maintain the security of SMTP servers and other networks involved with the spoofing process. Overall, the IoT can open doors to varied cyber crimes but can just as easily lend itself to the development of technology to counteract this behavior, and in turn professions based around this technology.

    Sources:
    https://www.thesecuritybuddy.com/email-security/what-is-email-spoofing/
