June 24, 2016
As we build greater protections against cyberattacks, criminals find ways to adapt. They adjust their strategies to stay ahead of the law and avoid detection. Their newest tactic is to send individually targeted emails, which aren’t as easy to catch as those that flood email servers by the hundreds.
The attacks are less random and more deliberate. The criminals have studied the individual they’re targeting, and the message is crafted specifically for that person.
The message will appear to be from someone the target knows and has corresponded with previously through email. The tone of the email is eerily similar to that of the impersonated sender. Criminals are going to great lengths to make these messages seem legitimate. Gone are the grammatical errors and far-fetched pleas for wire transfers. The new attacks take the form of a familiar contact making a seemingly reasonable request. They are directed at senior-level executives and those with access to financial or sensitive information.
What can be done?
- Educate your team. Familiarize them with the new kind of email criminal. Let them know they are not just looking out for a desperate foreign prince anymore.
- Conduct testing. You might need to hire a security specialist to oversee this process. You need to find out where you and your business are vulnerable. This must be done so you can implement a plan to protect yourself against this kind of criminal activity.
- Be careful about what you put out for public consumption. These criminals are like detectives, picking up whatever crumbs of your personal and professional life they can use to craft the most deceptive attack.
- Put controls in place. Use the results of your security testing to establish a process for wire transfers and the release of sensitive information. This process should require approval from several different people at your firm. Discuss wire transfer security measures with your bank as well, and request confirmation for transfers over a certain dollar amount.
For more information, see the full article from CPA Practice Advisor.