Recently in Victoria, a business lost $10,000 CAD by falling victim to an email phishing scam. Many people think they're savvy enough to not fall victim themselves, but scammers are getting smarter and better adept at tricking you into playing along.
In this particular incident, a scammer sent a phishing email to a company's CEO with a link to a fake Word document, requesting the victim's login credentials in order to access the file. The CEO figured that the file was corrupt, as it kept rejecting his credentials, and in this instance, thought nothing of it.
In reality, the scammer now had access to the CEO's entire email account which was studied for days to determine the best person to email to carry out the rest of the scheme.Days later, an employee in the finance department at this company received an email from the CEO's email address. The email instructed the employee to pay the overdue account of the attached file immediately and let him know once it had been paid. Emails with instructions to pay invoices were common occurrences in this employee's role, so to her, nothing was amiss. Especially since it came directly from her boss's email address.
Unfortunately, the employee sent the money only learning shortly after that it was a scam. The company is now working alongside the RCMP to try to retrieve the lost funds.In light of these "sophisticated" phishing attacks that seem to be popping up around the globe, it's important to have discussions with your staff about recognizing and deflecting scam attempts. But more important than money these days is data and data security - something that was also heavily compromised in the news story above. Check out the article below for one CISO's creative way to keep his employees on their toes when it comes to cyber security.
Read the full article here:
https://www.businessinsider.com.au/cisco-chief-information-security-officer-strategy-for-fighting-cyber-attacks-2017-9/?r=US&IR=T#/#kill-your-click-throughs-1
